Description

fontconfig before 2.17.1 has an off-by-one error in allocation during sfnt capability handling, leading to a one-byte out-of-bounds write, and potentially a crash or code execution. This is in FcFontCapabilities in fcfreetype.c.

INFO

Published Date :

2026-03-25T16:54:37.187Z

Last Modified :

2026-04-02T17:50:01.562Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2026-34085 vulnerability.

Vendors Products
Fontconfig Project
  • Fontconfig
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-34085.

URL Resource
https://gitlab.freedesktop.org/fontconfig/fontconfig/-/commit/b9bec06d73340f1b5727302d13ac3df307b7febc cve-icon cve-icon cve-icon
https://gitlab.freedesktop.org/fontconfig/fontconfig/-/merge_requests/446 cve-icon cve-icon cve-icon
https://gitlab.freedesktop.org/fontconfig/fontconfig/-/work_items/481 cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-34085 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-34085 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact