| Package | libxfont |
|---|---|
| Version | 1:2.0.3-1+deb10u1 (buster) |
| Related CVEs | CVE-2026-56001 CVE-2026-56002 CVE-2026-56003 |
-
CVE-2026-56001
A heap buffer overflow in BitmapScaleBitmaps in due to an overflowing 32-bit size.
-
CVE-2026-56002
A heap bufferflow in pcfReadFont() due to missing glyph bounds checking.
-
CVE-2026-56003
A heap buffer overflow due to missing size checking in the property buffer when parsing PCF files in ComputeScaledProperties().
For Debian 10 buster, these problems have been fixed in version 1:2.0.3-1+deb10u1.
We recommend that you upgrade your libxfont packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.