JLSEC-2026-79

See a problem?
Please try reporting it to the source first.

Source

https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2026/JLSEC-2026-79.md

Import Source

https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-79.json

JSON Data

https://api.osv.dev/v1/vulns/JLSEC-2026-79

Upstream

CVE-2026-34085

Published

2026-04-11T14:47:51.147Z

Modified

2026-04-11T15:00:06.029332Z

Summary

[none]

Details

fontconfig before 2.17.1 has an off-by-one error in allocation during sfnt capability handling, leading to a one-byte out-of-bounds write, and potentially a crash or code execution. This is in FcFontCapabilities in fcfreetype.c.

Database specific

{
    "sources": [
        {
            "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-34085",
            "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34085",
            "modified": "2026-03-27T21:39:33.240Z",
            "id": "CVE-2026-34085",
            "imported": "2026-04-11T04:05:18.497Z",
            "published": "2026-03-25T17:17:09.210Z"
        }
    ],
    "license": "CC-BY-4.0"
}

References

Affected packages

Julia / Fontconfig_jll

Package

Name: Fontconfig_jll
Purl: pkg:julia/Fontconfig_jll?uuid=a3f928ae-7b40-5064-980b-68af3947d34b

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.17.1+0

Database specific

source

"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-79.json"