Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
6 vulnerabilities found for libXfont2 by X.Org
CVE-2026-56003 (GCVE-0-2026-56003)
Vulnerability from nvd – Published: 2026-07-08 09:25 – Updated: 2026-07-08 12:06
VLAI
Title
libXfont2 computeProps Property Buffer Heap Buffer Overflow
Summary
A heap buffer overflow due to missing size checking in the property buffer when parsing PCF files in libXfont2 ComputeScaledProperties() before libXfont2 before 2.0.8 could be used by attackers using authenticated X clients to execute code within the X server.
Severity
8.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-122 - Heap-based buffer overflow
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.openwall.com/lists/oss-security/2026/… | vendor-advisory |
| https://gitlab.freedesktop.org/xorg/lib/libxfont/… | patch |
Date Public
2026-07-08 09:22
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-56003",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-08T12:06:32.424595Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T12:06:51.966Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "libXfont2",
"product": "libXfont2",
"repo": "https://gitlab.freedesktop.org/xorg/lib/libxfont/",
"vendor": "X.Org",
"versions": [
{
"lessThan": "2.0.8",
"status": "affected",
"version": "0",
"versionType": "rpm"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:x.org:libxfont2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0.8",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Anonymous working with Trend Micro Zero Day Initiative"
}
],
"datePublic": "2026-07-08T09:22:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cpre\u003eA heap buffer overflow due to missing size checking in the property buffer when parsing PCF files in libXfont2 ComputeScaledProperties() before libXfont2 before 2.0.8 could be used by attackers using authenticated X clients to execute code within the X server.\u003c/pre\u003e"
}
],
"value": "A heap buffer overflow due to missing size checking in the property buffer when parsing PCF files in libXfont2 ComputeScaledProperties() before libXfont2 before 2.0.8 could be used by attackers using authenticated X clients to execute code within the X server."
}
],
"impacts": [
{
"capecId": "CAPEC-234",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-234 Hijacking a privileged process"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based buffer overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T09:25:41.723Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2026/07/08/1"
},
{
"tags": [
"patch"
],
"url": "https://gitlab.freedesktop.org/xorg/lib/libxfont/-/commit/dff957a5158da038a282a59a31fe736702732939"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "libXfont2 computeProps Property Buffer Heap Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2026-56003",
"datePublished": "2026-07-08T09:25:41.723Z",
"dateReserved": "2026-06-18T09:26:55.988Z",
"dateUpdated": "2026-07-08T12:06:51.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-56002 (GCVE-0-2026-56002)
Vulnerability from nvd – Published: 2026-07-08 09:12 – Updated: 2026-07-08 12:07
VLAI
Title
libXfont2 PCF Font Parsing Heap Buffer Overflow
Summary
A heap bufferflow in pcfReadFont() due to missing glyph bounds checking in libXfont2 before 2.0.8 allows attackers authenticated as X client to execute code within the X server.
Severity
8.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-122 - Heap-based buffer overflow
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://gitlab.freedesktop.org/xorg/lib/libxfont/… | patch |
| https://www.openwall.com/lists/oss-security/2026/… | vendor-advisory |
Date Public
2026-07-08 09:08
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-56002",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-08T12:07:25.281480Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T12:07:36.415Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "libXfont2",
"product": "libXfont2",
"repo": "https://gitlab.freedesktop.org/xorg/lib/libxfont",
"vendor": "X.Org",
"versions": [
{
"lessThan": "2.0.8",
"status": "affected",
"version": "0",
"versionType": "rpm"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:x.org:libxfont2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0.8",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Anonymous working with Trend Micro Zero Day Initiative."
}
],
"datePublic": "2026-07-08T09:08:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A heap bufferflow in pcfReadFont() due to missing glyph bounds checking\u0026nbsp;in libXfont2 before 2.0.8\u0026nbsp; allows attackers authenticated as X client to execute code within the X server."
}
],
"value": "A heap bufferflow in pcfReadFont() due to missing glyph bounds checking\u00a0in libXfont2 before 2.0.8\u00a0 allows attackers authenticated as X client to execute code within the X server."
}
],
"impacts": [
{
"capecId": "CAPEC-234",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-234 Hijacking a privileged process"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based buffer overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T09:12:51.480Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://gitlab.freedesktop.org/xorg/lib/libxfont/-/commit/b4389e0b1d84a690b819bb27b1439968811a3674"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2026/07/08/1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "libXfont2 PCF Font Parsing Heap Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2026-56002",
"datePublished": "2026-07-08T09:12:51.480Z",
"dateReserved": "2026-06-18T09:26:55.988Z",
"dateUpdated": "2026-07-08T12:07:36.415Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-56001 (GCVE-0-2026-56001)
Vulnerability from nvd – Published: 2026-07-08 08:49 – Updated: 2026-07-08 12:08
VLAI
Title
libXfont2 BitmapScaleBitmaps Integer Overflow Heap Buffer Overflow
Summary
A heap buffer overflow in BitmapScaleBitmaps in libXfont2 before 2.0.8 due to an overflowing 32bit size could be used by attackers able to access the X Server to execute code within the X server cont
Severity
8.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-122 - Heap-based buffer overflow
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.openwall.com/lists/oss-security/2026/… | vendor-advisory |
| https://gitlab.freedesktop.org/xorg/lib/libxfont/… | patch |
Date Public
2026-07-08 08:15
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-56001",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-08T12:08:01.235169Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T12:08:45.252Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "libXfont2",
"product": "libXfont2",
"repo": "https://gitlab.freedesktop.org/xorg/lib/libxfont",
"vendor": "X.Org",
"versions": [
{
"lessThan": "2.0.8",
"status": "affected",
"version": "0",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Anonymous working with Trend Micro Zero Day Initiative."
}
],
"datePublic": "2026-07-08T08:15:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A heap buffer overflow in BitmapScaleBitmaps in libXfont2 before 2.0.8 due to an overflowing 32bit size could be used by attackers able to access the X Server to execute code within the X server cont"
}
],
"value": "A heap buffer overflow in BitmapScaleBitmaps in libXfont2 before 2.0.8 due to an overflowing 32bit size could be used by attackers able to access the X Server to execute code within the X server cont"
}
],
"impacts": [
{
"capecId": "CAPEC-234",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-234 Hijacking a privileged process"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based buffer overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T08:49:24.706Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2026/07/08/1"
},
{
"tags": [
"patch"
],
"url": "https://gitlab.freedesktop.org/xorg/lib/libxfont/-/commit/be0b08e2d354138d3222b4490e2a77c6ee42f778"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "libXfont2 BitmapScaleBitmaps Integer Overflow Heap Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2026-56001",
"datePublished": "2026-07-08T08:49:24.706Z",
"dateReserved": "2026-06-18T09:26:55.988Z",
"dateUpdated": "2026-07-08T12:08:45.252Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-56003 (GCVE-0-2026-56003)
Vulnerability from cvelistv5 – Published: 2026-07-08 09:25 – Updated: 2026-07-08 12:06
VLAI
Title
libXfont2 computeProps Property Buffer Heap Buffer Overflow
Summary
A heap buffer overflow due to missing size checking in the property buffer when parsing PCF files in libXfont2 ComputeScaledProperties() before libXfont2 before 2.0.8 could be used by attackers using authenticated X clients to execute code within the X server.
Severity
8.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-122 - Heap-based buffer overflow
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.openwall.com/lists/oss-security/2026/… | vendor-advisory |
| https://gitlab.freedesktop.org/xorg/lib/libxfont/… | patch |
Date Public
2026-07-08 09:22
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-56003",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-08T12:06:32.424595Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T12:06:51.966Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "libXfont2",
"product": "libXfont2",
"repo": "https://gitlab.freedesktop.org/xorg/lib/libxfont/",
"vendor": "X.Org",
"versions": [
{
"lessThan": "2.0.8",
"status": "affected",
"version": "0",
"versionType": "rpm"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:x.org:libxfont2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0.8",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Anonymous working with Trend Micro Zero Day Initiative"
}
],
"datePublic": "2026-07-08T09:22:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cpre\u003eA heap buffer overflow due to missing size checking in the property buffer when parsing PCF files in libXfont2 ComputeScaledProperties() before libXfont2 before 2.0.8 could be used by attackers using authenticated X clients to execute code within the X server.\u003c/pre\u003e"
}
],
"value": "A heap buffer overflow due to missing size checking in the property buffer when parsing PCF files in libXfont2 ComputeScaledProperties() before libXfont2 before 2.0.8 could be used by attackers using authenticated X clients to execute code within the X server."
}
],
"impacts": [
{
"capecId": "CAPEC-234",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-234 Hijacking a privileged process"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based buffer overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T09:25:41.723Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2026/07/08/1"
},
{
"tags": [
"patch"
],
"url": "https://gitlab.freedesktop.org/xorg/lib/libxfont/-/commit/dff957a5158da038a282a59a31fe736702732939"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "libXfont2 computeProps Property Buffer Heap Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2026-56003",
"datePublished": "2026-07-08T09:25:41.723Z",
"dateReserved": "2026-06-18T09:26:55.988Z",
"dateUpdated": "2026-07-08T12:06:51.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-56002 (GCVE-0-2026-56002)
Vulnerability from cvelistv5 – Published: 2026-07-08 09:12 – Updated: 2026-07-08 12:07
VLAI
Title
libXfont2 PCF Font Parsing Heap Buffer Overflow
Summary
A heap bufferflow in pcfReadFont() due to missing glyph bounds checking in libXfont2 before 2.0.8 allows attackers authenticated as X client to execute code within the X server.
Severity
8.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-122 - Heap-based buffer overflow
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://gitlab.freedesktop.org/xorg/lib/libxfont/… | patch |
| https://www.openwall.com/lists/oss-security/2026/… | vendor-advisory |
Date Public
2026-07-08 09:08
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-56002",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-08T12:07:25.281480Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T12:07:36.415Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "libXfont2",
"product": "libXfont2",
"repo": "https://gitlab.freedesktop.org/xorg/lib/libxfont",
"vendor": "X.Org",
"versions": [
{
"lessThan": "2.0.8",
"status": "affected",
"version": "0",
"versionType": "rpm"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:x.org:libxfont2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0.8",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Anonymous working with Trend Micro Zero Day Initiative."
}
],
"datePublic": "2026-07-08T09:08:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A heap bufferflow in pcfReadFont() due to missing glyph bounds checking\u0026nbsp;in libXfont2 before 2.0.8\u0026nbsp; allows attackers authenticated as X client to execute code within the X server."
}
],
"value": "A heap bufferflow in pcfReadFont() due to missing glyph bounds checking\u00a0in libXfont2 before 2.0.8\u00a0 allows attackers authenticated as X client to execute code within the X server."
}
],
"impacts": [
{
"capecId": "CAPEC-234",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-234 Hijacking a privileged process"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based buffer overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T09:12:51.480Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://gitlab.freedesktop.org/xorg/lib/libxfont/-/commit/b4389e0b1d84a690b819bb27b1439968811a3674"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2026/07/08/1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "libXfont2 PCF Font Parsing Heap Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2026-56002",
"datePublished": "2026-07-08T09:12:51.480Z",
"dateReserved": "2026-06-18T09:26:55.988Z",
"dateUpdated": "2026-07-08T12:07:36.415Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-56001 (GCVE-0-2026-56001)
Vulnerability from cvelistv5 – Published: 2026-07-08 08:49 – Updated: 2026-07-08 12:08
VLAI
Title
libXfont2 BitmapScaleBitmaps Integer Overflow Heap Buffer Overflow
Summary
A heap buffer overflow in BitmapScaleBitmaps in libXfont2 before 2.0.8 due to an overflowing 32bit size could be used by attackers able to access the X Server to execute code within the X server cont
Severity
8.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-122 - Heap-based buffer overflow
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.openwall.com/lists/oss-security/2026/… | vendor-advisory |
| https://gitlab.freedesktop.org/xorg/lib/libxfont/… | patch |
Date Public
2026-07-08 08:15
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-56001",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-08T12:08:01.235169Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T12:08:45.252Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "libXfont2",
"product": "libXfont2",
"repo": "https://gitlab.freedesktop.org/xorg/lib/libxfont",
"vendor": "X.Org",
"versions": [
{
"lessThan": "2.0.8",
"status": "affected",
"version": "0",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Anonymous working with Trend Micro Zero Day Initiative."
}
],
"datePublic": "2026-07-08T08:15:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A heap buffer overflow in BitmapScaleBitmaps in libXfont2 before 2.0.8 due to an overflowing 32bit size could be used by attackers able to access the X Server to execute code within the X server cont"
}
],
"value": "A heap buffer overflow in BitmapScaleBitmaps in libXfont2 before 2.0.8 due to an overflowing 32bit size could be used by attackers able to access the X Server to execute code within the X server cont"
}
],
"impacts": [
{
"capecId": "CAPEC-234",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-234 Hijacking a privileged process"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based buffer overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T08:49:24.706Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2026/07/08/1"
},
{
"tags": [
"patch"
],
"url": "https://gitlab.freedesktop.org/xorg/lib/libxfont/-/commit/be0b08e2d354138d3222b4490e2a77c6ee42f778"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "libXfont2 BitmapScaleBitmaps Integer Overflow Heap Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2026-56001",
"datePublished": "2026-07-08T08:49:24.706Z",
"dateReserved": "2026-06-18T09:26:55.988Z",
"dateUpdated": "2026-07-08T12:08:45.252Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}