CVE-2026-34085
HIGH EPSS 2.5%
Published Mar 25, 20263mo ago · Modified Jun 17, 20262w ago
7.8 CVSS 3.1
Published Mar 25, 2026 3mo ago
Last Modified Jun 17, 2026 2w ago
Description
fontconfig before 2.17.1 has an off-by-one error in allocation during sfnt capability handling, leading to a one-byte out-of-bounds write, and potentially a crash or code execution. This is in FcFontCapabilities in fcfreetype.c.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High
Threat Intelligence
EPSS Exploit Probability
2.5% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-193
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| fontconfig_project | fontconfig | 2.17.0 | any |
References 3
- gitlab.freedesktop.org https://gitlab.freedesktop.org/fontconfig/fontconfig/-/commit/b9bec06d73340f1b5727302d13ac3df307b7febc
- gitlab.freedesktop.org https://gitlab.freedesktop.org/fontconfig/fontconfig/-/merge_requests/446
- gitlab.freedesktop.org https://gitlab.freedesktop.org/fontconfig/fontconfig/-/work_items/481
Remediation
- gitlab.freedesktop.org https://gitlab.freedesktop.org/fontconfig/fontconfig/-/commit/b9bec06d73340f1b5727302d13ac3df307b7febc
- gitlab.freedesktop.org https://gitlab.freedesktop.org/fontconfig/fontconfig/-/merge_requests/446