CVE-2026-55999

Summary

Local attackers with a X connection able to provide PCX fonts to the X server xorg-server before 21.2.24 and xwayland before 24.1.13 could cause a heap buffer overflow via SetFont due to missing glyph boundary checks.

Affected Software

VendorProductVersion RangeStatus
X.Orgxorg-server0 < 21.1.24affected
X.Orgxwayland0 < 24.1.13affected

Weaknesses

  • CWE-122: CWE-122 Heap-based buffer overflow

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References