Source: libxfont
Version: 1:2.0.6-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerabilities were published for libxfont.

CVE-2026-56001[0]:
| A heap buffer overflow in BitmapScaleBitmaps in libXfont2 before
| 2.0.8 due to an overflowing 32bit size could be used by attackers
| able to access the X Server to execute code within the X server cont


CVE-2026-56002[1]:
| A heap bufferflow in pcfReadFont() due to missing glyph bounds
| checking in libXfont2 before 2.0.8  allows attackers authenticated
| as X client to execute code within the X server.


CVE-2026-56003[2]:
| A heap buffer overflow due to missing size checking in the property
| buffer when parsing PCF files in libXfont2 ComputeScaledProperties()
| before libXfont2 before 2.0.8 could be used by attackers using
| authenticated X clients to execute code within the X server.


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-56001
    https://www.cve.org/CVERecord?id=CVE-2026-56001
[1] https://security-tracker.debian.org/tracker/CVE-2026-56002
    https://www.cve.org/CVERecord?id=CVE-2026-56002
[2] https://security-tracker.debian.org/tracker/CVE-2026-56003
    https://www.cve.org/CVERecord?id=CVE-2026-56003
[3] https://www.openwall.com/lists/oss-security/2026/07/08/1

Regards,
Salvatore

Reply via email to