What is CVE-2026-34085?

CVE-2026-34085 is a medium-severity vulnerability in Fontconfig Project, classified under Off-by-one Error. CVSS score: 5.9/10. Published 2026-03-25.

How severe is CVE-2026-34085?

Medium severity. CVSS v3 base score is 5.9 out of 10.

Vulnerability in Fontconfig Project

CVE-2026-34085

fontconfig before 2.17.1 has an off-by-one error in allocation during sfnt capability handling, leading to a one-byte out-of-bounds write, and potentially a crash or code execution. This is in FcFontCapabilities in fcfreetype.c.

EPSS: 0.000 (4.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.9 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L.

Affected products

Fontconfig Project — versions 0
Fontconfig_project Fontconfig — versions 2.17.0

Weakness classification (CWE)

CWE-193 — Off-by-one Error

References

cve@mitre.org (Patch)
cve@mitre.org (Patch)
cve@mitre.org (Issue Tracking)

Frequently asked questions

What is CVE-2026-34085?: CVE-2026-34085 is a medium-severity vulnerability in Fontconfig Project, classified under Off-by-one Error. CVSS score: 5.9/10. Published 2026-03-25.
How severe is CVE-2026-34085?: Medium severity. CVSS v3 base score is 5.9 out of 10.