CVE-2026-34085
MEDIUM
5.9
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: low
Integrity: low
Availability: low
Description
fontconfig before 2.17.1 has an off-by-one error in allocation during sfnt capability handling, leading to a one-byte out-of-bounds write, and potentially a crash or code execution. This is in FcFontCapabilities in fcfreetype.c.
CWE-193: Off-by-one Error (Draft)
Common Consequences
Security Scopes Affected:
Availability
Integrity
Confidentiality
Access Control
Potential Impacts:
DoS: Crash, Exit, or Restart
DoS: Resource Consumption (CPU)
DoS: Resource Consumption (Memory)
DoS: Instability
Modify Memory
Execute Unauthorized Code Or Commands
Bypass Protection Mechanism
Applicable Platforms
Languages:
C, Not Language-Specific
https://gitlab.freedesktop.org/fontconfig/fontconfig/-/commit/b9bec06d73340f1b5…
https://gitlab.freedesktop.org/fontconfig/fontconfig/-/merge_requests/446
https://gitlab.freedesktop.org/fontconfig/fontconfig/-/work_items/481