CVE-2026-34085 MEDIUM

Vendor: Fontconfig Project
Product: fontconfig
Weakness: CWE-193
Published: March 25, 2026
Last update: April 2, 2026

CVSS base score

5.9/10
Attack vector: Local
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: Low
Integrity: Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01 Description

fontconfig before 2.17.1 has an off-by-one error in allocation during sfnt capability handling, leading to a one-byte out-of-bounds write, and potentially a crash or code execution. This is in FcFontCapabilities in fcfreetype.c.

Key dates

02 Disclosure timeline

March 25, 2026: CVE published
April 2, 2026: Record updated