Skip to main content

X Server EUVDEUVD-2026-42188

| CVE-2026-55999 HIGH
Heap-based Buffer Overflow (CWE-122)
7.8
CVSS 3.1 · NVD
Share

Severity by source

Vendor (CNA) PRIMARY
HIGH
qualitative
NVD
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
7.8 HIGH

Local X connection required (AV:L, PR:L) with no victim interaction (UI:N); heap corruption in the display server yields high C/I/A and no scope change.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (CNA).

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Analysis Updated
Jul 09, 2026 - 19:59 vuln.today
v3 (cvss_changed)
Analysis Updated
Jul 09, 2026 - 19:58 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jul 09, 2026 - 19:52 vuln.today
cvss_changed
CVSS changed
Jul 09, 2026 - 19:52 NVD
8.5 (HIGH) 7.8 (HIGH)
Patch available
Jul 08, 2026 - 09:01 EUVD
Analysis Generated
Jul 08, 2026 - 02:19 vuln.today

Description PRE-NVD

Disclosed via oss-security. NVD scoring and full description are pending.

AnalysisAI

Local privilege escalation via heap buffer overflow in the X.Org Server (versions before 21.1.24) and Xwayland (before 24.1.13) allows a local user holding an X connection to corrupt heap memory by supplying a malicious PCX font. The flaw lives in the SetFont code path, where missing glyph boundary checks let an oversized or malformed glyph write past its heap allocation, yielding full confidentiality, integrity, and availability impact (CVSS 7.8). …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Recommended ActionAI

Within 24 hours: Identify all systems running X.Org Server (versions before 21.1.24) or Xwayland (before 24.1.13) and assess exposure across desktop and development workstations. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2018-14665 MEDIUM POC
6.6 Oct 25

A flaw was found in xorg-x11-server before 1.20.3. Rated medium severity (CVSS 6.6), this vulnerability is low attack co

CVE-2019-17624 HIGH POC
7.8 Oct 16

"" In X.Org X Server 1.20.4, there is a stack-based buffer overflow in the function XQueryKeymap. Rated high severity (C

CVE-2017-10971 HIGH
8.8 Jul 06

In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context

CVE-2026-56000 CRITICAL
9.0 Jul 08

Use-after-free in the GLX dispatch layer of X.Org X Server and Xwayland allows an authenticated X client to corrupt heap

CVE-2022-46344 HIGH
8.8 Dec 14

A vulnerability was found in X.Org. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low atta

CVE-2022-46343 HIGH
8.8 Dec 14

A vulnerability was found in X.Org. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low atta

CVE-2022-46342 HIGH
8.8 Dec 14

A vulnerability was found in X.Org. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low atta

CVE-2022-46341 HIGH
8.8 Dec 14

A vulnerability was found in X.Org. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low atta

CVE-2022-46340 HIGH
8.8 Dec 14

A vulnerability was found in X.Org. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low atta

CVE-2022-3550 HIGH
8.8 Oct 17

A vulnerability classified as critical was found in X.org Server. Rated high severity (CVSS 8.8), this vulnerability is

CVE-2023-5367 HIGH
7.8 Oct 25

A out-of-bounds write flaw was found in the xorg-x11-server. Rated high severity (CVSS 7.8), this vulnerability is low a

CVE-2023-6377 HIGH
7.8 Dec 13

A flaw was found in xorg-server. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-o

Share

EUVD-2026-42188 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy