Skip to main content

Fontconfig

2 CVEs product

Monthly

CVE-2026-34085 MEDIUM PATCH This Month

An off-by-one error in fontconfig before version 2.17.1 allows a one-byte out-of-bounds write in the FcFontCapabilities function within fcfreetype.c during sfnt capability handling. This vulnerability affects all versions of fontconfig prior to 2.17.1 across multiple platforms, potentially enabling local attackers without special privileges to crash the application or execute arbitrary code. A patch is available through the official fontconfig GitLab repository, and given the memory corruption nature of the defect, exploitation is feasible on systems with fontconfig-dependent applications.

Buffer Overflow RCE Fontconfig
NVD VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2016-5384 HIGH PATCH This Week

fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Fedora Fontconfig Debian Linux Ubuntu Linux
NVD
CVSS 3.1
7.8
EPSS
0.2%
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

An off-by-one error in fontconfig before version 2.17.1 allows a one-byte out-of-bounds write in the FcFontCapabilities function within fcfreetype.c during sfnt capability handling. This vulnerability affects all versions of fontconfig prior to 2.17.1 across multiple platforms, potentially enabling local attackers without special privileges to crash the application or execute arbitrary code. A patch is available through the official fontconfig GitLab repository, and given the memory corruption nature of the defect, exploitation is feasible on systems with fontconfig-dependent applications.

Buffer Overflow RCE Fontconfig
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Fedora Fontconfig +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy