๐Ÿ” CVE Alert

CVE-2026-56001

HIGH 8.5

libXfont2 BitmapScaleBitmaps Integer Overflow Heap Buffer Overflow

CVSS Score
8.5
EPSS Score
0.4%
EPSS Percentile
29th

A heap buffer overflow in BitmapScaleBitmaps in libXfont2 before 2.0.8 due to an overflowing 32bit size could be used by attackers able to access the X Server to execute code within the X server cont

CWE CWE-122
Vendor x.org
Product libxfont2
Published Jul 8, 2026
Last Updated Jul 9, 2026
Stay Ahead of the Next One

Get instant alerts for x.org libxfont2

Be the first to know when new high vulnerabilities affecting x.org libxfont2 are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Affected Versions

X.Org / libXfont2
0 < 2.0.8

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
openwall.com: https://www.openwall.com/lists/oss-security/2026/07/08/1 gitlab.freedesktop.org: https://gitlab.freedesktop.org/xorg/lib/libxfont/-/commit/be0b08e2d354138d3222b4490e2a77c6ee42f778

Credits

Anonymous working with Trend Micro Zero Day Initiative.