{"id":"CVE-2026-56001","summary":"libXfont2 BitmapScaleBitmaps Integer Overflow Heap Buffer Overflow","details":"A heap buffer overflow in BitmapScaleBitmaps in libXfont2 before 2.0.8 due to an overflowing 32bit size could be used by attackers able to access the X Server to execute code within the X server cont","modified":"2026-07-15T20:54:37.886970Z","published":"2026-07-08T08:49:24.706Z","related":["SUSE-SU-2026:2793-1","SUSE-SU-2026:2794-1","openSUSE-SU-2026:11233-1","openSUSE-SU-2026:21284-1"],"database_specific":{"unresolved_ranges":[{"extracted_events":[{"fixed":"2.0.8"}],"source":"AFFECTED_FIELD"},{"extracted_events":[{"introduced":"libXfont2"},{"fixed":"2.0.8"}],"source":"DESCRIPTION"}],"cna_assigner":"suse","cwe_ids":["CWE-122"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/56xxx/CVE-2026-56001.json"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/56xxx/CVE-2026-56001.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-56001"},{"type":"ADVISORY","url":"https://www.openwall.com/lists/oss-security/2026/07/08/1"},{"type":"FIX","url":"https://gitlab.freedesktop.org/xorg/lib/libxfont/-/commit/be0b08e2d354138d3222b4490e2a77c6ee42f778"},{"type":"PACKAGE","url":"https://gitlab.freedesktop.org/xorg/lib/libxfont"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.freedesktop.org/xorg/lib/libxfont","events":[{"introduced":"0"},{"fixed":"be0b08e2d354138d3222b4490e2a77c6ee42f778"}],"database_specific":{"source":"REFERENCES"}}],"versions":["libXfont2-2.0.7","libXfont2-2.0.6","libXfont2-2.0.5","libXfont2-2.0.4","libXfont2-2.0.3","libXfont2-2.0.2","libXfont2-2.0.1","libXfont2-2.0.0","libXfont-1.5.1","libXfont-1.5.0","libXfont-1.4.99.901","libXfont-1.4.7","libXfont-1.4.6","libXfont-1.4.5","libXfont-1.4.4","libXfont-1.4.3","libXfont-1.4.2","libXfont-1.4.1","libXfont-1.4.0","libXfont-1.3.4","libXfont-1.3.3","libXfont-1.3.2","libXfont-1.3.1","libXfont-1.3.0","libXfont-1.2.9","libXfont-1.2.8","libXfont-1.2.7","libXfont-1.2.6","libXfont-1.2.5","libXfont-1.2.4","libXfont-1.2.3","libXfont-1.2.0","libxfont-1_1_0","XORG-7_1","XORG-7_0_99_901","XORG-7_0","XORG-6_99_99_904","MODULAR_COPY","XORG-6_99_99_903","XORG-6_8_99_903","XORG-6_99_99_902","XORG-6_8_99_902","XORG-6_99_99_901","XORG-6_99_99_900","XORG-6_8_99_901","XORG-6_8_99_900","XORG-6_8_99_16","XORG-6_8_99_15","XORG-6_8_99_14","XORG-6_8_99_13","XORG-6_8_99_12","sco_port_update-base","XORG-6_8_99_8","XORG-6_8_99_7","XORG-6_8_99_6","XORG-6_8_99_5","XORG-6_8_99_4","XORG-6_8_99_11","XORG-6_8_99_9","XORG-6_8_99_10","XORG-6_8_99_3","XORG-6_8_99_2","XORG-6_8_99_1","rel-0-6-1","lg3d-rel-0-7-0","lg3d-base","XORG-6_8_1_902","XORG-6_8_1_901","XORG-6_8_1","XORG-6_8_0","XORG-6_7_99_904","XORG-6_7_99_903","XORG-6_7_99_902","XORG-6_7_99_901","XORG-6_7_99_2","XORG-6_7_99_1","XACE-SELINUX-MERGE","xf86-4_4_99_1","xf86-4_4_0","xf86-4_3_99_903","xf86-4_3_99_903_special","xf86-012804-2330","xf86-4_3_99_902","xf86-4_3_99_901","xf86-4_3_99_16","xf86-4_3_0_1","PRE_xf86-4_3_0_1","XORG-MAIN"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-56001.json","vanir_signatures_modified":"2026-07-15T20:54:37Z","vanir_signatures":[{"target":{"file":"src/bitmap/bitscale.c"},"deprecated":false,"digest":{"line_hashes":["81295832933059718242031918937967158609","117351198260482526606862390848402423944","309070136679589565329343601092568457025","3620659586663916947820172590024802752","76452448487668046537646664631816832976","150931947096148130537009158871228040393","149522414296942960678163557134754967866","332632198256573217654352487046950557483","69975855321594254990592396698492680946"],"threshold":0.9},"id":"CVE-2026-56001-8b92821e","signature_type":"Line","signature_version":"v1","source":"https://gitlab.freedesktop.org/xorg/lib/libxfont@be0b08e2d354138d3222b4490e2a77c6ee42f778"},{"id":"CVE-2026-56001-a1e2a063","signature_type":"Function","signature_version":"v1","source":"https://gitlab.freedesktop.org/xorg/lib/libxfont@be0b08e2d354138d3222b4490e2a77c6ee42f778","target":{"file":"src/bitmap/bitscale.c","function":"BitmapScaleBitmaps"},"deprecated":false,"digest":{"function_hash":"279086860560038143974252467593032163021","length":1559}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"}]}