Description
A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer overflow during font alias resolution. The server allocates a 256 byte stack buffer but libXfont2's alias target name length is 1024 bytes. A font alias name between 257 and 1023 bytes causes the X server to copy that name into the undersized stack buffer without further checks. This may be used to crash the server, or for privilege escalation if the X server runs as root.
Published: 2026-06-05
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A stack-based buffer overflow exists in the X.Org X server and Xwayland, caused by a length mismatch between the X server's internal font buffer and libXfont2 alias target names. When an alias name between 257 and 1023 bytes is processed, the X server copies the name into a 256‑byte stack buffer without bounds checking. This flaw can crash the server or, if the server runs with elevated privileges, allow an attacker to elevate privileges or execute arbitrary code. The weakness is a classic CWE‑121 buffer overflow.

Affected Systems

Red Hat Enterprise Linux versions 6 through 10 are impacted. The flaw exists in the Xorg‑x11‑server package and its Xwayland integration, regardless of the specific minor release of RHEL, and can affect both desktop and server environments that use the default X.Org stack.

Risk and Exploitability

The CVSS score of 7.8 indicates a high severity. EPSS data is unavailable, but the lack of a KEV listing suggests no widespread exploit has been observed yet. The likely attack vector is local or remote font injection via the X server's configuration or file system, requiring the attacker to supply a malicious font alias between 257 and 1023 bytes. If the X server is running as root (e.g., on a login session), the overflow can lead to privilege escalation. An attacker could craft a malicious font package or alter system font configuration to trigger the overflow.

Generated by OpenCVE AI on June 5, 2026 at 12:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest Red Hat update that addresses CVE‑2026‑50256 in the X.Org X server package.
  • Ensure that the libXfont2 library installed on the system matches the X server’s expected alias name length, typically by upgrading to the newest matching release or applying any vendor-supplied consistency patches.
  • If Xwayland is not required, disable or uninstall it to reduce the attack surface; otherwise, restrict font alias names to 256 bytes or shorter by adjusting font configuration files or removing suspect font packages.

Generated by OpenCVE AI on June 5, 2026 at 12:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Important

Fri, 05 Jun 2026 11:45:00 +0000

Type Values Removed Values Added
Description A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer overflow during font alias resolution. The server allocates a 256 byte stack buffer but libXfont2's alias target name length is 1024 bytes. A font alias name between 257 and 1023 bytes causes the X server to copy that name into the undersized stack buffer without further checks. This may be used to crash the server, or for privilege escalation if the X server runs as root.
Title Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libxfont2 name length mismatch
First Time appeared Redhat
Redhat enterprise Linux
Weaknesses CWE-121
CPEs cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Redhat Enterprise Linux
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-06-05T10:31:22.122Z

Reserved: 2026-06-04T14:55:24.011Z

Link: CVE-2026-50256

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-06-05T12:16:38.727

Modified: 2026-06-05T13:27:38.750

Link: CVE-2026-50256

cve-icon Redhat

Severity : Important

Publid Date: 2026-06-02T00:00:00Z

Links: CVE-2026-50256 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-05T12:30:40Z

Weaknesses