Local attackers with a X connection able to provide PCX fonts to the X server xorg-server before 21.2.24 and xwayland before 24.1.13 could cause a heap buffer overflow via SetFont due to missing glyph boundary checks.
{
"cwe_ids": [
"CWE-122"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/55xxx/CVE-2026-55999.json",
"cna_assigner": "suse"
}{
"cpe": "cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "24.1.13"
}
],
"source": [
"CPE_RANGE",
"REFERENCES"
]
}"2026-07-14T20:50:57Z"
[
{
"source": "https://gitlab.freedesktop.org/xorg/xserver@fbf7bac22e2c6bd627fb042742a23318263edae1",
"id": "CVE-2026-55999-43f2b84a",
"signature_version": "v1",
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "50295195392859656902485110729692536979",
"length": 2882.0
},
"target": {
"file": "glamor/glamor_font.c",
"function": "glamor_font_get"
}
},
{
"source": "https://gitlab.freedesktop.org/xorg/xserver@fbf7bac22e2c6bd627fb042742a23318263edae1",
"id": "CVE-2026-55999-724a7feb",
"signature_version": "v1",
"signature_type": "Line",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"256205802703007250886480429390750640075",
"108389889657191679527013848500130517053",
"188844842290314677835893493689882044295",
"92243799859477200178054624547537020841",
"155337682968727078901907984155859287013",
"170356586970718962906198902616287492662",
"118158140617221939657032535219879666883",
"144129914630857878461207923010169803709",
"295234018621287651788771548602848572936",
"118245458529492426289105838885701217346",
"29419100969288637530590322306903439675",
"335772311480029760226592533169761535804"
]
},
"target": {
"file": "glamor/glamor_font.c"
}
}
]
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-55999.json"