Critical Heap Buffer Overflow Vulnerability in X.Org xorg-server and xwayland
A critical vulnerability, CVE-2026-55999, with a CVSS score of 8.5, was discovered in X.Org's xorg-server and xwayland. Local attackers with an X connection can exploit this vulnerability to cause a heap buffer overflow via SetFont due to missing glyph boundary checks. Affected versions include xorg-server before 21.2.24 and xwayland before 24.1.13.