VYPR
Medium severity5.9NVD Advisory· Published Mar 25, 2026· Updated May 12, 2026

CVE-2026-34085

CVE-2026-34085

Description

fontconfig before 2.17.1 has an off-by-one error in allocation during sfnt capability handling, leading to a one-byte out-of-bounds write, and potentially a crash or code execution. This is in FcFontCapabilities in fcfreetype.c.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • cpe:2.3:a:fontconfig_project:fontconfig:2.17.0:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:fontconfig_project:fontconfig:2.17.0:*:*:*:*:*:*:*
    • (no CPE)range: <2.17.1
    • (no CPE)range: 0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.