CVE-2026-34085

ADVISORY - nist

Summary

fontconfig before 2.17.1 has an off-by-one error in allocation during sfnt capability handling, leading to a one-byte out-of-bounds write, and potentially a crash or code execution. This is in FcFontCapabilities in fcfreetype.c.

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-193⁠

Off-by-one Error

ADVISORY - redhat

CWE-193⁠

Off-by-one Error

Impacted images

Advisories

NIST

CREATED

23 hours ago

UPDATED

23 hours ago

ADVISORY IDCVE-2026-34085⁠

EXPLOITABILITY SCORE

2.5

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-193⁠

CVSS SCORE

5.9medium

Debian

CREATED

4 hours ago

UPDATED

4 hours ago

ADVISORY IDCVE-2026-34085⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

5 hours ago

UPDATED

5 hours ago

ADVISORY IDCVE-2026-34085⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Red Hat

CREATED

23 hours ago

UPDATED

3 hours ago

ADVISORY IDCVE-2026-34085⁠

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-193⁠

CVSS SCORE

6.6medium