๐Ÿ” CVE Alert

CVE-2026-56003

HIGH 8.5

libXfont2 computeProps Property Buffer Heap Buffer Overflow

CVSS Score
8.5
EPSS Score
0.6%
EPSS Percentile
44th

A heap buffer overflow due to missing size checking in the property buffer when parsing PCF files in libXfont2 ComputeScaledProperties() before libXfont2 before 2.0.8 could be used by attackers using authenticated X clients to execute code within the X server.

CWE CWE-122
Vendor x.org
Product libxfont2
Published Jul 8, 2026
Last Updated Jul 9, 2026
Stay Ahead of the Next One

Get instant alerts for x.org libxfont2

Be the first to know when new high vulnerabilities affecting x.org libxfont2 are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Affected Versions

X.Org / libXfont2
0 < 2.0.8

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
openwall.com: https://www.openwall.com/lists/oss-security/2026/07/08/1 gitlab.freedesktop.org: https://gitlab.freedesktop.org/xorg/lib/libxfont/-/commit/dff957a5158da038a282a59a31fe736702732939

Credits

Anonymous working with Trend Micro Zero Day Initiative