{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/products/hardened-images-rpms-fontconfig/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["Hardened Images RPMs (fontconfig)"],"_cs_severities":["high"],"_cs_tags":["vulnerability","code-execution","denial-of-service","linux"],"_cs_type":"advisory","_cs_vendors":["Red Hat"],"content_html":"\u003cp\u003eA vulnerability exists in Red Hat Hardened Images RPMs related to the fontconfig package. A local attacker can exploit this vulnerability to achieve arbitrary code execution or trigger a denial-of-service condition. The specific details of the vulnerability are not provided in the source, but the potential impact necessitates immediate attention. This vulnerability affects systems utilizing Red Hat\u0026rsquo;s Hardened Images RPMs and could lead to compromise of sensitive data or system instability.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains local access to a system running Red Hat Hardened Images RPMs.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious font configuration file leveraging the fontconfig vulnerability.\u003c/li\u003e\n\u003cli\u003eAttacker places the malicious font configuration file in a location accessible to the fontconfig library (e.g., user-specific font directory).\u003c/li\u003e\n\u003cli\u003eAn application using fontconfig attempts to load the malicious font configuration file.\u003c/li\u003e\n\u003cli\u003eThe vulnerability in fontconfig is triggered during parsing of the malicious file.\u003c/li\u003e\n\u003cli\u003eThis leads to arbitrary code execution within the context of the application using fontconfig.\u003c/li\u003e\n\u003cli\u003eAlternatively, the vulnerability may lead to a denial-of-service condition if the parsing error crashes the application.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability could allow a local attacker to execute arbitrary code with the privileges of the application using fontconfig. This can result in a full system compromise if the affected application runs with elevated privileges. A denial-of-service condition can also be triggered, impacting system availability. The number of victims and specific sectors targeted are unknown, but any system using the vulnerable Red Hat Hardened Images RPMs is potentially at risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply available patches or updates from Red Hat for the Hardened Images RPMs to remediate the fontconfig vulnerability.\u003c/li\u003e\n\u003cli\u003eMonitor for suspicious file creations in font configuration directories using the \u003ccode\u003efile_event\u003c/code\u003e Sigma rule.\u003c/li\u003e\n\u003cli\u003eInvestigate any application crashes that may be related to fontconfig parsing errors.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-06T10:30:53Z","date_published":"2026-05-06T10:30:53Z","id":"/briefs/2026-05-redhat-fontconfig-vuln/","summary":"A local attacker can exploit a vulnerability in Red Hat Hardened Images RPMs to execute arbitrary code or cause a denial of service.","title":"Red Hat Hardened Images RPMs Fontconfig Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-redhat-fontconfig-vuln/"}],"language":"en","title":"CraftedSignal Threat Feed — Hardened Images RPMs (Fontconfig)","version":"https://jsonfeed.org/version/1.1"}