PT-2026-56383 · Libxfont2 · Libxfont2

Published

2026-07-08

·

Updated

2026-07-08

·

CVE-2026-56001

CVSS v3.1

8.5

High

VectorAV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions libXfont2 versions prior to 2.0.8
Description A heap-based buffer overflow exists in the BitmapScaleBitmaps() function. The issue is caused by an integer overflow where a 32-bit size calculation wraps, resulting in an undersized heap allocation and subsequent out-of-bounds writes. An attacker with access to the X Server can trigger this by providing crafted font bitmap data, potentially leading to arbitrary code execution within the X server process and takeover of the display server context.
Recommendations Upgrade libXfont2 to version 2.0.8.

Fix

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-56001

Affected Products

Libxfont2