CVE-2026-34085

HIGH EPSS 2.5%
Published Mar 25, 20263mo ago · Modified Jun 17, 20262w ago
7.8 CVSS 3.1
High
Find Similar
Published Mar 25, 2026 3mo ago
Last Modified Jun 17, 2026 2w ago

Description

fontconfig before 2.17.1 has an off-by-one error in allocation during sfnt capability handling, leading to a one-byte out-of-bounds write, and potentially a crash or code execution. This is in FcFontCapabilities in fcfreetype.c.

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
2.5% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-193

Affected Products 1

VendorProductVersionRange
fontconfig_projectfontconfig2.17.0any

References 3

  • gitlab.freedesktop.org https://gitlab.freedesktop.org/fontconfig/fontconfig/-/commit/b9bec06d73340f1b5727302d13ac3df307b7febc
    Patch
  • gitlab.freedesktop.org https://gitlab.freedesktop.org/fontconfig/fontconfig/-/merge_requests/446
    Patch
  • gitlab.freedesktop.org https://gitlab.freedesktop.org/fontconfig/fontconfig/-/work_items/481
    Issue Tracking

Remediation

  • gitlab.freedesktop.org https://gitlab.freedesktop.org/fontconfig/fontconfig/-/commit/b9bec06d73340f1b5727302d13ac3df307b7febc
    Patch
  • gitlab.freedesktop.org https://gitlab.freedesktop.org/fontconfig/fontconfig/-/merge_requests/446
    Patch