CVE-2026-55999

Severity CVSS v4.0:
Pending analysis
Type:
CWE-122 Heap-based Buffer Overflow
Publication date:
08/07/2026
Last modified:
09/07/2026

Description

Local attackers with a X connection able to provide PCX fonts to the X <br /> server xorg-server before 21.2.24 and xwayland before 24.1.13 could <br /> cause a heap buffer overflow via SetFont due to missing glyph boundary checks.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:x.org:x_server:*:*:*:*:*:*:*:* 21.2.24 (excluding)
cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*:* 24.1.13 (excluding)