A heap buffer overflow in BitmapScaleBitmaps in libXfont2 before 2.0.8 due to an overflowing 32bit size could be used by attackers able to access the X Server to execute code within the X server cont
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/56xxx/CVE-2026-56001.json",
"cwe_ids": [
"CWE-122"
],
"unresolved_ranges": [
{
"extracted_events": [
{
"fixed": "2.0.8"
}
],
"source": "AFFECTED_FIELD"
},
{
"extracted_events": [
{
"introduced": "libXfont2"
},
{
"fixed": "2.0.8"
}
],
"source": "DESCRIPTION"
}
],
"cna_assigner": "suse"
}[
{
"source": "https://gitlab.freedesktop.org/xorg/lib/libxfont@be0b08e2d354138d3222b4490e2a77c6ee42f778",
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"81295832933059718242031918937967158609",
"117351198260482526606862390848402423944",
"309070136679589565329343601092568457025",
"3620659586663916947820172590024802752",
"76452448487668046537646664631816832976",
"150931947096148130537009158871228040393",
"149522414296942960678163557134754967866",
"332632198256573217654352487046950557483",
"69975855321594254990592396698492680946"
]
},
"id": "CVE-2026-56001-8b92821e",
"signature_type": "Line",
"target": {
"file": "src/bitmap/bitscale.c"
}
},
{
"source": "https://gitlab.freedesktop.org/xorg/lib/libxfont@be0b08e2d354138d3222b4490e2a77c6ee42f778",
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "279086860560038143974252467593032163021",
"length": 1559.0
},
"id": "CVE-2026-56001-a1e2a063",
"signature_type": "Function",
"target": {
"function": "BitmapScaleBitmaps",
"file": "src/bitmap/bitscale.c"
}
}
]
"2026-07-15T20:54:37Z"
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-56001.json"