Bug 2451645 - CVE-2026-34085 fontconfig: Fontconfig: Security flaw allows arbitrary code execution or system crash [fedora-all]
Summary: CVE-2026-34085 fontconfig: Fontconfig: Security flaw allows arbitrary code ex...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: fontconfig
Version: rawhide
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
Assignee: Akira TAGOH
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: {"flaws": ["65df9a0b-8d8a-40c1-a4e1-f...
Depends On:
Blocks: CVE-2026-34085
TreeView+ depends on / blocked
 
Reported: 2026-03-26 09:35 UTC by TEJ RATHI
Modified: 2026-04-07 09:30 UTC (History)
6 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2026-04-07 09:30:50 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description TEJ RATHI 2026-03-26 09:35:19 UTC
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.

Comment 1 Akira TAGOH 2026-04-07 09:30:50 UTC
The fixed patch has already been backported in 2.17.0-2 (https://src.fedoraproject.org/rpms/fontconfig/c/8bca22ae6843289d280f9d03098bcede86764255?branch=rawhide) and we currently have:

2.16.0-2.fc42 in f42 (not targeted)
2.17.0-3.fc43 in f43 (fixed)
2.17.0-4.fc44 in f44 (fixed)
2.17.0.4.fc44 in rawhide (fixed)


Note You need to log in before you can comment on or make changes to this bug.