Home

Description

Local attackers with a X connection able to provide PCX fonts to the X server xorg-server before 21.2.24 and xwayland before 24.1.13 could cause a heap buffer overflow via SetFont due to missing glyph boundary checks.

PUBLISHED Reserved 2026-06-18 | Published 2026-07-08 | Updated 2026-07-09 | Assigner suse




HIGH: 8.5CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Problem types

CWE-122 Heap-based buffer overflow

Product status

Default status
unaffected

Any version before 21.1.24
affected

Default status
unaffected

Any version before 24.1.13
affected

Credits

Anonymous working with Trend Micro Zero Day Initiative. finder

References

gitlab.freedesktop.org/...c22e2c6bd627fb042742a23318263edae1 patch

www.openwall.com/lists/oss-security/2026/07/08/2 vendor-advisory

cve.org (CVE-2026-55999)

nvd.nist.gov (CVE-2026-55999)

Download JSON