PT-2026-56334 · X.Org Foundation · Xorg-Server+1

Published

2026-07-08

·

Updated

2026-07-08

·

CVE-2026-55999

CVSS v3.1

8.5

High

VectorAV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions xorg-server versions prior to 21.2.24 xwayland versions prior to 24.1.13
Description Local attackers with an X connection can cause a heap buffer overflow by providing PCX fonts to the X server. This occurs due to missing glyph boundary checks within the SetFont() function. A heap buffer overflow is a memory corruption issue where a program writes more data to a heap-allocated buffer than it can hold, potentially leading to crashes or arbitrary code execution.
Recommendations Update xorg-server to version 21.2.24 or later. Update xwayland to version 24.1.13 or later.

Fix

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-55999

Affected Products

Xorg-Server
Xwayland