PT-2026-56383 · Libxfont2 · Libxfont2
Published
2026-07-08
·
Updated
2026-07-08
·
CVE-2026-56001
CVSS v3.1
8.5
High
| Vector | AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
libXfont2 versions prior to 2.0.8
Description
A heap-based buffer overflow exists in the
BitmapScaleBitmaps() function. The issue is caused by an integer overflow where a 32-bit size calculation wraps, resulting in an undersized heap allocation and subsequent out-of-bounds writes. An attacker with access to the X Server can trigger this by providing crafted font bitmap data, potentially leading to arbitrary code execution within the X server process and takeover of the display server context.Recommendations
Upgrade libXfont2 to version 2.0.8.
Fix
Heap Based Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Libxfont2