SUSE CVE-2026-50256

A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer overflow during font alias resolution. The server allocates a 256 byte stack buffer but libXfont2's alias...

CVE-2026-50256

A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer overflow during font alias resolution. The server allocates a 256 byte stack buffer but libXfont2's alias...

CVE-2026-50256

A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer overflow during font alias resolution. The server allocates a 256 byte stack buffer but libXfont2's alias...

Linux Distros Unpatched Vulnerability : CVE-2020-14310

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is an issue on grub2 before version 2.06 at function readsectionasstring. It expects a font name to be at max UINT32MAX - 1 length in bytes but it doesn't...

There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX leading to read_section_as_string() to an arithmetic overflow zero-sized allocation and further heap-based buffer overflow.

...

DEBIAN-CVE-2020-14310

There is an issue on grub2 before version 2.06 at function readsectionasstring. It expects a font name to be at max UINT32MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a...

PT-2020-3622 · Gnu +7 · Grub2 +7

Name of the Vulnerable Software and Affected Versions: grub2 versions prior to 2.06 Description: The issue is related to the read section as string function, which expects a font name to be at most UINT32 MAX - 1 length in bytes but does not verify it before proceeding with buffer allocation. Thi...

Gnuplot Buffer Overflow Vulnerability (CNVD-2019-00241)

Gnuplot is an open source plotting software. A buffer overflow vulnerability exists in the post.trm file in Gnuplot version 5.2.5, where the program fails to detect the size of arguments sent to the 'set font' function. The vulnerability can be exploited to hijack control flow with font names of...

PT-2010-2142 · Viscom · Viscom Software Movie Player Pro Sdk Activex

Name of the Vulnerable Software and Affected Versions: Viscom Software Movie Player Pro SDK ActiveX version 6.8.0.0 Description: The issue is related to a stack-based buffer overflow in the MOVIEPLAYER.MoviePlayerCtrl.1 ActiveX control. This occurs when a long strFontName parameter is passed to t...