Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-55999
PUBLISHED
More InfoOfficial Page
Assigner-suse
Assigner Org ID-404e59f5-483d-4b8a-8e7a-e67604dd8afb
View Known Exploited Vulnerability (KEV) details
Published At-08 Jul, 2026 | 08:07
Updated At-09 Jul, 2026 | 03:55
Rejected At-
▼CVE Numbering Authority (CNA)
xorg-server / xwayland glamor font atlas Heap Buffer Overflow

Local attackers with a X connection able to provide PCX fonts to the X server xorg-server before 21.2.24 and xwayland before 24.1.13 could cause a heap buffer overflow via SetFont due to missing glyph boundary checks.

Affected Products
Vendor
X.Org FoundationX.Org
Product
xorg-server
Package Name
xorg-server
Repo
https://gitlab.freedesktop.org/xorg/xserver/
Default Status
unaffected
Versions
Affected
  • From 0 before 21.1.24 (rpm)
Vendor
X.Org FoundationX.Org
Product
xwayland
Package Name
xwayland
Repo
https://gitlab.freedesktop.org/xorg/xserver/
Default Status
unaffected
Versions
Affected
  • From 0 before 24.1.13 (rpm)
Problem Types
TypeCWE IDDescription
CWECWE-122CWE-122 Heap-based buffer overflow
Type: CWE
CWE ID: CWE-122
Description: CWE-122 Heap-based buffer overflow
Metrics
VersionBase scoreBase severityVector
3.18.5HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Version: 3.1
Base score: 8.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-234CAPEC-234 Hijacking a privileged process
CAPEC ID: CAPEC-234
Description: CAPEC-234 Hijacking a privileged process
Solutions

Configurations

Workarounds

Exploits

Credits

finder
Anonymous working with Trend Micro Zero Day Initiative.
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://gitlab.freedesktop.org/xorg/xserver/-/commit/fbf7bac22e2c6bd627fb042742a23318263edae1
patch
https://www.openwall.com/lists/oss-security/2026/07/08/2
vendor-advisory
Hyperlink: https://gitlab.freedesktop.org/xorg/xserver/-/commit/fbf7bac22e2c6bd627fb042742a23318263edae1
Resource:
patch
Hyperlink: https://www.openwall.com/lists/oss-security/2026/07/08/2
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Details not found