Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-56001
PUBLISHED
More InfoOfficial Page
Assigner-suse
Assigner Org ID-404e59f5-483d-4b8a-8e7a-e67604dd8afb
View Known Exploited Vulnerability (KEV) details
Published At-08 Jul, 2026 | 08:49
Updated At-09 Jul, 2026 | 03:55
Rejected At-
▼CVE Numbering Authority (CNA)
libXfont2 BitmapScaleBitmaps Integer Overflow Heap Buffer Overflow

A heap buffer overflow in BitmapScaleBitmaps in libXfont2 before 2.0.8 due to an overflowing 32bit size could be used by attackers able to access the X Server to execute code within the X server cont

Affected Products
Vendor
X.Org FoundationX.Org
Product
libXfont2
Package Name
libXfont2
Repo
https://gitlab.freedesktop.org/xorg/lib/libxfont
Default Status
unaffected
Versions
Affected
  • From 0 before 2.0.8 (rpm)
Problem Types
TypeCWE IDDescription
CWECWE-122CWE-122 Heap-based buffer overflow
Type: CWE
CWE ID: CWE-122
Description: CWE-122 Heap-based buffer overflow
Metrics
VersionBase scoreBase severityVector
3.18.5HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Version: 3.1
Base score: 8.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-234CAPEC-234 Hijacking a privileged process
CAPEC ID: CAPEC-234
Description: CAPEC-234 Hijacking a privileged process
Solutions

Configurations

Workarounds

Exploits

Credits

finder
Anonymous working with Trend Micro Zero Day Initiative.
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.openwall.com/lists/oss-security/2026/07/08/1
vendor-advisory
https://gitlab.freedesktop.org/xorg/lib/libxfont/-/commit/be0b08e2d354138d3222b4490e2a77c6ee42f778
patch
Hyperlink: https://www.openwall.com/lists/oss-security/2026/07/08/1
Resource:
vendor-advisory
Hyperlink: https://gitlab.freedesktop.org/xorg/lib/libxfont/-/commit/be0b08e2d354138d3222b4490e2a77c6ee42f778
Resource:
patch
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Details not found