GHSA-r49w-hq6h-2w8q
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attacker must be an authenticated X client feeding a crafted font (PR:L), the practical vector is the local X session rather than remote TCP (AV:L), and reliable heap exploitation needs grooming (AC:H); code runs in the high-value X server so C/I/A:H.
Primary rating from Vendor (CNA).
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
9Description PRE-NVD
Articles & Coverage 1
AnalysisAI
Heap-based code execution in libXfont2 before 2.0.8 allows an authenticated X client to run arbitrary code inside the X server by supplying a malformed PCF font that trips missing glyph bounds checking in pcfReadFont(). Because X servers frequently run with elevated (often root) privileges, a successful exploit can escalate from a low-privileged client to full host compromise. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Recommended ActionAI
Within 24 hours, inventory all systems running libXfont2 and determine current versions using package managers (e.g., 'rpm -q libXfont2' on Red Hat systems or 'dpkg -l | grep libxfont2' on Debian/Ubuntu). …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont 1.1 through 1.4.6 al
The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not proper
Arbitrary code execution in libXfont2 before 2.0.8 lets an authenticated X client corrupt heap memory inside the X serve
Arbitrary code execution in the X.Org libXfont2 library (versions before 2.0.8) stems from a heap buffer overflow in the
The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote a
The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not proper
Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org
Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execu
In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary
In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with acce
In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as roo
Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4
Same weakness CWE-122 – Heap-based Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42211