Medium severity 5.9 · NVD Advisory · Published Mar 25, 2026 · Updated May 12, 2026
CVE-2026-34085
Description
fontconfig before 2.17.1 has an off-by-one error in allocation during sfnt capability handling, leading to a one-byte out-of-bounds write, and potentially a crash or code execution. This is in FcFontCapabilities in fcfreetype.c.
Affected products
- cpe:2.3:a:fontconfig_project:fontconfig:2.17.0:*:*:*:*:*:*:*
- (no CPE) range: <2.17.1
- (no CPE) range: 0