CVE-2026-56003

NameCVE-2026-56003
DescriptionA heap buffer overflow due to missing size checking in the property buffer when parsing PCF files in libXfont2 ComputeScaledProperties() before libXfont2 before 2.0.8 could be used by attackers using authenticated X clients to execute code within the X server.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-4678-1, DSA-6388-1
Debian Bugs1141702

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libxfont (PTS)bullseye1:2.0.4-1vulnerable
bullseye (security)1:2.0.4-1+deb11u1fixed
bookworm, trixie1:2.0.6-1vulnerable
bookworm (security)1:2.0.6-1+deb12u1fixed
trixie (security)1:2.0.6-1+deb13u1fixed
forky, sid1:2.0.8-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libxfontsourcebullseye1:2.0.4-1+deb11u1DLA-4678-1
libxfontsourcebookworm1:2.0.6-1+deb12u1DLA-4678-1
libxfontsourcetrixie1:2.0.6-1+deb13u1DSA-6388-1
libxfontsource(unstable)1:2.0.8-11141702

Notes

https://www.openwall.com/lists/oss-security/2026/07/08/1
Fixed by: https://gitlab.freedesktop.org/xorg/lib/libxfont/-/commit/dff957a5158da038a282a59a31fe736702732939 (libXfont2-2.0.8)

Search for package or bug name: Reporting problems