Vulnerability Details CVE-2026-56003
A heap buffer overflow due to missing size checking in the property buffer when parsing PCF files in libXfont2 ComputeScaledProperties() before libXfont2 before 2.0.8 could be used by attackers using authenticated X clients to execute code within the X server.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 46.5%
CVSS Severity
CVSS v3 Score 8.5
Products affected by CVE-2026-56003
-
cpe:2.3:a:x:libxfont:2.0.0
-
cpe:2.3:a:x:libxfont:2.0.1
-
cpe:2.3:a:x:libxfont:2.0.2
-
cpe:2.3:a:x:libxfont:2.0.3
-
cpe:2.3:a:x:libxfont:2.0.4