Source: libxfont Version: 1:2.0.6-1 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi, The following vulnerabilities were published for libxfont. CVE-2026-56001[0]: | A heap buffer overflow in BitmapScaleBitmaps in libXfont2 before | 2.0.8 due to an overflowing 32bit size could be used by attackers | able to access the X Server to execute code within the X server cont CVE-2026-56002[1]: | A heap bufferflow in pcfReadFont() due to missing glyph bounds | checking in libXfont2 before 2.0.8 allows attackers authenticated | as X client to execute code within the X server. CVE-2026-56003[2]: | A heap buffer overflow due to missing size checking in the property | buffer when parsing PCF files in libXfont2 ComputeScaledProperties() | before libXfont2 before 2.0.8 could be used by attackers using | authenticated X clients to execute code within the X server. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2026-56001 https://www.cve.org/CVERecord?id=CVE-2026-56001 [1] https://security-tracker.debian.org/tracker/CVE-2026-56002 https://www.cve.org/CVERecord?id=CVE-2026-56002 [2] https://security-tracker.debian.org/tracker/CVE-2026-56003 https://www.cve.org/CVERecord?id=CVE-2026-56003 [3] https://www.openwall.com/lists/oss-security/2026/07/08/1 Regards, Salvatore

