Vulnerability Description
fontconfig before 2.17.1 has an off-by-one error in allocation during sfnt capability handling, leading to a one-byte out-of-bounds write, and potentially a crash or code execution. This is in FcFontCapabilities in fcfreetype.c.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fontconfig Project | Fontconfig | 2.17.0 |
Related Weaknesses (CWE)
References
- https://gitlab.freedesktop.org/fontconfig/fontconfig/-/commit/b9bec06d73340f1b57Patch
- https://gitlab.freedesktop.org/fontconfig/fontconfig/-/merge_requests/446Patch
- https://gitlab.freedesktop.org/fontconfig/fontconfig/-/work_items/481Issue Tracking
FAQ
What is CVE-2026-34085?
CVE-2026-34085 is a vulnerability with a CVSS score of 5.9 (MEDIUM). fontconfig before 2.17.1 has an off-by-one error in allocation during sfnt capability handling, leading to a one-byte out-of-bounds write, and potentially a crash or code execution. This is in FcFontC...
How severe is CVE-2026-34085?
CVE-2026-34085 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-34085?
Check the references section above for vendor advisories and patch information. Affected products include: Fontconfig Project Fontconfig.