Skip to main content

Libxfont

13 CVEs product

Monthly

CVE-2026-56001 HIGH PATCH This Week

Arbitrary code execution in the X.Org libXfont2 library (versions before 2.0.8) stems from a heap buffer overflow in the BitmapScaleBitmaps routine, where a 32-bit size calculation overflows during bitmap font scaling. Any client able to connect to the X Server and request scaled bitmap fonts can corrupt heap memory and run code within the X server's process context, which is frequently privileged. No public exploit has been identified at time of analysis and it is not listed in CISA KEV; EPSS is low at 0.37% (29th percentile), consistent with the SSVC finding of no observed exploitation despite total technical impact.

Buffer Overflow Heap Overflow Libxfont
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-56002 HIGH PATCH This Week

Heap-based code execution in libXfont2 before 2.0.8 allows an authenticated X client to run arbitrary code inside the X server by supplying a malformed PCF font that trips missing glyph bounds checking in pcfReadFont(). Because X servers frequently run with elevated (often root) privileges, a successful exploit can escalate from a low-privileged client to full host compromise. No public exploit is identified at time of analysis and CISA SSVC rates current exploitation as none, but the technical impact is rated total.

Buffer Overflow Heap Overflow Libxfont
NVD VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2026-56003 HIGH PATCH This Week

Arbitrary code execution in libXfont2 before 2.0.8 lets an authenticated X client corrupt heap memory inside the X server via a maliciously crafted PCF bitmap font. The flaw sits in ComputeScaledProperties(), where a missing bounds check on the property buffer allows a heap overflow (CWE-122) that runs in the X server's security context - typically root on traditional Linux desktops. There is no public exploit identified at time of analysis; EPSS is modest at 0.58% and CISA SSVC rates exploitation as 'none' with 'total' technical impact.

Buffer Overflow Heap Overflow Libxfont
NVD VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2017-16611 MEDIUM PATCH This Month

In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Debian Linux Ubuntu Linux Libxfont
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2017-13722 HIGH PATCH This Week

In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Libxfont
NVD
CVSS 3.0
7.1
EPSS
0.1%
CVE-2017-13720 HIGH PATCH This Week

In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Libxfont
NVD
CVSS 3.0
7.1
EPSS
0.1%
CVE-2015-1804 HIGH This Week

The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

RCE Denial Of Service Libxfont
NVD
CVSS 2.0
8.5
EPSS
2.3%
CVE-2015-1803 HIGH This Week

The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly handle character bitmaps it cannot read, which allows remote authenticated. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

RCE Denial Of Service Ubuntu Linux Debian Linux Libxfont
NVD
CVSS 2.0
8.5
EPSS
1.7%
CVE-2015-1802 HIGH This Week

The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service (out-of-bounds write and crash). Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service RCE Buffer Overflow Libxfont
NVD
CVSS 2.0
8.5
EPSS
1.8%
CVE-2014-0211 HIGH This Week

Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Buffer Overflow Ubuntu Linux Libxfont
NVD
CVSS 2.0
7.5
EPSS
2.4%
CVE-2014-0210 HIGH This Week

Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Buffer Overflow Libxfont Ubuntu Linux
NVD
CVSS 2.0
7.5
EPSS
2.1%
CVE-2014-0209 MEDIUM This Month

Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Libxfont Ubuntu Linux
NVD
CVSS 2.0
4.6
EPSS
0.2%
CVE-2013-6462 CRITICAL POC THREAT Emergency

Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont 1.1 through 1.4.6 allows remote attackers to cause a denial of service (crash) or possibly execute. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 12.0%.

Buffer Overflow Denial Of Service RCE Libxfont
NVD
CVSS 2.0
9.3
EPSS
12.0%
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Arbitrary code execution in the X.Org libXfont2 library (versions before 2.0.8) stems from a heap buffer overflow in the BitmapScaleBitmaps routine, where a 32-bit size calculation overflows during bitmap font scaling. Any client able to connect to the X Server and request scaled bitmap fonts can corrupt heap memory and run code within the X server's process context, which is frequently privileged. No public exploit has been identified at time of analysis and it is not listed in CISA KEV; EPSS is low at 0.37% (29th percentile), consistent with the SSVC finding of no observed exploitation despite total technical impact.

Buffer Overflow Heap Overflow Libxfont
NVD VulDB
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Heap-based code execution in libXfont2 before 2.0.8 allows an authenticated X client to run arbitrary code inside the X server by supplying a malformed PCF font that trips missing glyph bounds checking in pcfReadFont(). Because X servers frequently run with elevated (often root) privileges, a successful exploit can escalate from a low-privileged client to full host compromise. No public exploit is identified at time of analysis and CISA SSVC rates current exploitation as none, but the technical impact is rated total.

Buffer Overflow Heap Overflow Libxfont
NVD VulDB
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Arbitrary code execution in libXfont2 before 2.0.8 lets an authenticated X client corrupt heap memory inside the X server via a maliciously crafted PCF bitmap font. The flaw sits in ComputeScaledProperties(), where a missing bounds check on the property buffer allows a heap overflow (CWE-122) that runs in the X server's security context - typically root on traditional Linux desktops. There is no public exploit identified at time of analysis; EPSS is modest at 0.58% and CISA SSVC rates exploitation as 'none' with 'total' technical impact.

Buffer Overflow Heap Overflow Libxfont
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Debian Linux Ubuntu Linux +1
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Libxfont
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching of. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure +1
NVD
EPSS 2% CVSS 8.5
HIGH This Week

The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

RCE Denial Of Service Libxfont
NVD
EPSS 2% CVSS 8.5
HIGH This Week

The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly handle character bitmaps it cannot read, which allows remote authenticated. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

RCE Denial Of Service Ubuntu Linux +2
NVD
EPSS 2% CVSS 8.5
HIGH This Week

The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service (out-of-bounds write and crash). Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service RCE Buffer Overflow +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Buffer Overflow Ubuntu Linux +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Buffer Overflow Libxfont +1
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Libxfont Ubuntu Linux
NVD
EPSS 12% CVSS 9.3
CRITICAL POC THREAT Emergency

Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont 1.1 through 1.4.6 allows remote attackers to cause a denial of service (crash) or possibly execute. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 12.0%.

Buffer Overflow Denial Of Service RCE +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy