Search

Find a vulnerability

Search criteria

    12 vulnerabilities found for Pango by Gnome

    CVE-2019-1010238 (GCVE-0-2019-1010238)

    Vulnerability from nvd – Published: 2019-07-19 16:42 – Updated: 2024-08-05 03:07
    VLAI
    Summary
    Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize.
    Severity
    No CVSS data available.
    CWE
    • Buffer Overflow
    Assigner
    dwf
    References
    URL Tags
    https://usn.ubuntu.com/4081-1/ vendor-advisoryx_refsource_UBUNTU
    https://www.debian.org/security/2019/dsa-4496 vendor-advisoryx_refsource_DEBIAN
    https://seclists.org/bugtraq/2019/Aug/14 mailing-listx_refsource_BUGTRAQ
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    https://access.redhat.com/errata/RHSA-2019:2571 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:2582 vendor-advisoryx_refsource_REDHAT
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    https://security.gentoo.org/glsa/201909-03 vendor-advisoryx_refsource_GENTOO
    https://access.redhat.com/errata/RHSA-2019:2594 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHBA-2019:2824 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3234 vendor-advisoryx_refsource_REDHAT
    https://www.oracle.com/security-alerts/cpuapr2020.html x_refsource_MISC
    https://gitlab.gnome.org/GNOME/pango/-/commits/ma… x_refsource_MISC
    https://gitlab.gnome.org/GNOME/pango/-/issues/342 x_refsource_MISC
    Impacted products
    Vendor Product Version
    Gnome Pango Affected: 1.42 and later
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:07:18.524Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-4081-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4081-1/"
              },
              {
                "name": "DSA-4496",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2019/dsa-4496"
              },
              {
                "name": "20190812 [SECURITY] [DSA 4496-1] pango1.0 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Aug/14"
              },
              {
                "name": "FEDORA-2019-547be4a683",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D6HWAHXJ2ZXINYMANHPFDDCJFWUQ57M4/"
              },
              {
                "name": "RHSA-2019:2571",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:2571"
              },
              {
                "name": "RHSA-2019:2582",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:2582"
              },
              {
                "name": "FEDORA-2019-155e34df5a",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VFFF4FY7SCAYT3EKTYPGRN6BVKZTH7Y7/"
              },
              {
                "name": "GLSA-201909-03",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201909-03"
              },
              {
                "name": "RHSA-2019:2594",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:2594"
              },
              {
                "name": "RHBA-2019:2824",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHBA-2019:2824"
              },
              {
                "name": "RHSA-2019:3234",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3234"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://gitlab.gnome.org/GNOME/pango/-/commits/main/pango/pango-bidi-type.c"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://gitlab.gnome.org/GNOME/pango/-/issues/342"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Pango",
              "vendor": "Gnome",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.42 and later"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-10T14:37:52.000Z",
            "orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
            "shortName": "dwf"
          },
          "references": [
            {
              "name": "USN-4081-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4081-1/"
            },
            {
              "name": "DSA-4496",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2019/dsa-4496"
            },
            {
              "name": "20190812 [SECURITY] [DSA 4496-1] pango1.0 security update",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Aug/14"
            },
            {
              "name": "FEDORA-2019-547be4a683",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D6HWAHXJ2ZXINYMANHPFDDCJFWUQ57M4/"
            },
            {
              "name": "RHSA-2019:2571",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2571"
            },
            {
              "name": "RHSA-2019:2582",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2582"
            },
            {
              "name": "FEDORA-2019-155e34df5a",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VFFF4FY7SCAYT3EKTYPGRN6BVKZTH7Y7/"
            },
            {
              "name": "GLSA-201909-03",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201909-03"
            },
            {
              "name": "RHSA-2019:2594",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2594"
            },
            {
              "name": "RHBA-2019:2824",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHBA-2019:2824"
            },
            {
              "name": "RHSA-2019:3234",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3234"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://gitlab.gnome.org/GNOME/pango/-/commits/main/pango/pango-bidi-type.c"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://gitlab.gnome.org/GNOME/pango/-/issues/342"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@distributedweaknessfiling.org",
              "ID": "CVE-2019-1010238",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Pango",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.42 and later"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Gnome"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "USN-4081-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4081-1/"
                },
                {
                  "name": "DSA-4496",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2019/dsa-4496"
                },
                {
                  "name": "20190812 [SECURITY] [DSA 4496-1] pango1.0 security update",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Aug/14"
                },
                {
                  "name": "FEDORA-2019-547be4a683",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6HWAHXJ2ZXINYMANHPFDDCJFWUQ57M4/"
                },
                {
                  "name": "RHSA-2019:2571",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:2571"
                },
                {
                  "name": "RHSA-2019:2582",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:2582"
                },
                {
                  "name": "FEDORA-2019-155e34df5a",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VFFF4FY7SCAYT3EKTYPGRN6BVKZTH7Y7/"
                },
                {
                  "name": "GLSA-201909-03",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201909-03"
                },
                {
                  "name": "RHSA-2019:2594",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:2594"
                },
                {
                  "name": "RHBA-2019:2824",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHBA-2019:2824"
                },
                {
                  "name": "RHSA-2019:3234",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3234"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
                },
                {
                  "name": "https://gitlab.gnome.org/GNOME/pango/-/commits/main/pango/pango-bidi-type.c",
                  "refsource": "MISC",
                  "url": "https://gitlab.gnome.org/GNOME/pango/-/commits/main/pango/pango-bidi-type.c"
                },
                {
                  "name": "https://gitlab.gnome.org/GNOME/pango/-/issues/342",
                  "refsource": "MISC",
                  "url": "https://gitlab.gnome.org/GNOME/pango/-/issues/342"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
        "assignerShortName": "dwf",
        "cveId": "CVE-2019-1010238",
        "datePublished": "2019-07-19T16:42:41.000Z",
        "dateReserved": "2019-03-20T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:07:18.524Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-15120 (GCVE-0-2018-15120)

    Vulnerability from nvd – Published: 2018-08-24 19:00 – Updated: 2024-08-05 09:46
    VLAI
    Summary
    libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2018-08-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:46:25.320Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "45263",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45263/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/GNOME/pango/blob/1.42.4/NEWS"
              },
              {
                "name": "USN-3750-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3750-1/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/GNOME/pango/commit/71aaeaf020340412b8d012fe23a556c0420eda5f"
              },
              {
                "name": "GLSA-201811-07",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201811-07"
              },
              {
                "name": "[distributor-list] 20180820 A critical pango fix",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://mail.gnome.org/archives/distributor-list/2018-August/msg00001.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://52.117.224.77/xfce4-pdos.webm"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.ign.com/articles/2018/10/16/ps4s-are-reportedly-being-bricked-and-sony-is-working-on-a-fix"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.reddit.com/r/PS4/comments/9o5efg/message_bricking_console_megathread/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45263"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://i.redd.it/v7p4n2ptu0s11.jpg"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-08-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-12T21:22:23.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "45263",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45263/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/GNOME/pango/blob/1.42.4/NEWS"
            },
            {
              "name": "USN-3750-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3750-1/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/GNOME/pango/commit/71aaeaf020340412b8d012fe23a556c0420eda5f"
            },
            {
              "name": "GLSA-201811-07",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201811-07"
            },
            {
              "name": "[distributor-list] 20180820 A critical pango fix",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://mail.gnome.org/archives/distributor-list/2018-August/msg00001.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://52.117.224.77/xfce4-pdos.webm"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.ign.com/articles/2018/10/16/ps4s-are-reportedly-being-bricked-and-sony-is-working-on-a-fix"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.reddit.com/r/PS4/comments/9o5efg/message_bricking_console_megathread/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.exploit-db.com/exploits/45263"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://i.redd.it/v7p4n2ptu0s11.jpg"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-15120",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "45263",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/45263/"
                },
                {
                  "name": "https://github.com/GNOME/pango/blob/1.42.4/NEWS",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/GNOME/pango/blob/1.42.4/NEWS"
                },
                {
                  "name": "USN-3750-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3750-1/"
                },
                {
                  "name": "https://github.com/GNOME/pango/commit/71aaeaf020340412b8d012fe23a556c0420eda5f",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/GNOME/pango/commit/71aaeaf020340412b8d012fe23a556c0420eda5f"
                },
                {
                  "name": "GLSA-201811-07",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201811-07"
                },
                {
                  "name": "[distributor-list] 20180820 A critical pango fix",
                  "refsource": "MLIST",
                  "url": "https://mail.gnome.org/archives/distributor-list/2018-August/msg00001.html"
                },
                {
                  "name": "http://52.117.224.77/xfce4-pdos.webm",
                  "refsource": "MISC",
                  "url": "http://52.117.224.77/xfce4-pdos.webm"
                },
                {
                  "name": "https://www.ign.com/articles/2018/10/16/ps4s-are-reportedly-being-bricked-and-sony-is-working-on-a-fix",
                  "refsource": "MISC",
                  "url": "https://www.ign.com/articles/2018/10/16/ps4s-are-reportedly-being-bricked-and-sony-is-working-on-a-fix"
                },
                {
                  "name": "https://www.reddit.com/r/PS4/comments/9o5efg/message_bricking_console_megathread/",
                  "refsource": "MISC",
                  "url": "https://www.reddit.com/r/PS4/comments/9o5efg/message_bricking_console_megathread/"
                },
                {
                  "name": "https://www.exploit-db.com/exploits/45263",
                  "refsource": "MISC",
                  "url": "https://www.exploit-db.com/exploits/45263"
                },
                {
                  "name": "https://i.redd.it/v7p4n2ptu0s11.jpg",
                  "refsource": "MISC",
                  "url": "https://i.redd.it/v7p4n2ptu0s11.jpg"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-15120",
        "datePublished": "2018-08-24T19:00:00.000Z",
        "dateReserved": "2018-08-06T00:00:00.000Z",
        "dateUpdated": "2024-08-05T09:46:25.320Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-3193 (GCVE-0-2011-3193)

    Vulnerability from nvd – Published: 2012-06-16 00:00 – Updated: 2024-08-06 23:29
    VLAI
    Summary
    Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/46371 third-party-advisoryx_refsource_SECUNIA
    http://git.gnome.org/browse/pango/commit/pango/op… x_refsource_MISC
    http://www.ubuntu.com/usn/USN-1504-1 vendor-advisoryx_refsource_UBUNTU
    http://www.openwall.com/lists/oss-security/2011/08/24/8 mailing-listx_refsource_MLIST
    http://lists.opensuse.org/opensuse-updates/2011-1… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/41537 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/46410 third-party-advisoryx_refsource_SECUNIA
    http://rhn.redhat.com/errata/RHSA-2011-1327.html vendor-advisoryx_refsource_REDHAT
    http://rhn.redhat.com/errata/RHSA-2011-1325.html vendor-advisoryx_refsource_REDHAT
    http://www.openwall.com/lists/oss-security/2011/08/22/6 mailing-listx_refsource_MLIST
    http://secunia.com/advisories/46128 third-party-advisoryx_refsource_SECUNIA
    http://rhn.redhat.com/errata/RHSA-2011-1324.html vendor-advisoryx_refsource_REDHAT
    http://www.openwall.com/lists/oss-security/2011/08/25/1 mailing-listx_refsource_MLIST
    http://secunia.com/advisories/49895 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/46117 third-party-advisoryx_refsource_SECUNIA
    http://rhn.redhat.com/errata/RHSA-2011-1326.html vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/46119 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/49723 vdb-entryx_refsource_BID
    http://cgit.freedesktop.org/harfbuzz/commit/src/h… x_refsource_MISC
    http://rhn.redhat.com/errata/RHSA-2011-1323.html vendor-advisoryx_refsource_REDHAT
    https://hermes.opensuse.org/messages/12056605 vendor-advisoryx_refsource_SUSE
    http://cgit.freedesktop.org/harfbuzz.old/commit/?… x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2011-1328.html vendor-advisoryx_refsource_REDHAT
    https://qt.gitorious.org/qt/qt/commit/9ae6f2f9a57… x_refsource_CONFIRM
    http://www.osvdb.org/75652 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/46118 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://lists.opensuse.org/opensuse-updates/2011-1… vendor-advisoryx_refsource_SUSE
    Date Public
    2011-08-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T23:29:55.288Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "46371",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/46371"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://git.gnome.org/browse/pango/commit/pango/opentype/harfbuzz-gpos.c?id=a7a715480db66148b1f487528887508a7991dcd0"
              },
              {
                "name": "USN-1504-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1504-1"
              },
              {
                "name": "[oss-security] 20120824 Re: CVE request: libqt4: two memory issues",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2011/08/24/8"
              },
              {
                "name": "openSUSE-SU-2011:1119",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2011-10/msg00007.html"
              },
              {
                "name": "41537",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/41537"
              },
              {
                "name": "46410",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/46410"
              },
              {
                "name": "RHSA-2011:1327",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2011-1327.html"
              },
              {
                "name": "RHSA-2011:1325",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2011-1325.html"
              },
              {
                "name": "[oss-security] 20120822 CVE request: libqt4: two memory issues",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2011/08/22/6"
              },
              {
                "name": "46128",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/46128"
              },
              {
                "name": "RHSA-2011:1324",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2011-1324.html"
              },
              {
                "name": "[oss-security] 20120825 Re: CVE request: libqt4: two memory issues",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2011/08/25/1"
              },
              {
                "name": "49895",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/49895"
              },
              {
                "name": "46117",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/46117"
              },
              {
                "name": "RHSA-2011:1326",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2011-1326.html"
              },
              {
                "name": "46119",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/46119"
              },
              {
                "name": "49723",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/49723"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://cgit.freedesktop.org/harfbuzz/commit/src/harfbuzz-gpos.c?id=da2c52abcd75d46929b34cad55c4fb2c8892bc08"
              },
              {
                "name": "RHSA-2011:1323",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2011-1323.html"
              },
              {
                "name": "SUSE-SU-2011:1113",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "https://hermes.opensuse.org/messages/12056605"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://cgit.freedesktop.org/harfbuzz.old/commit/?id=81c8ef785b079980ad5b46be4fe7c7bf156dbf65"
              },
              {
                "name": "RHSA-2011:1328",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2011-1328.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://qt.gitorious.org/qt/qt/commit/9ae6f2f9a57f0c3096d5785913e437953fa6775c"
              },
              {
                "name": "75652",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/75652"
              },
              {
                "name": "46118",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/46118"
              },
              {
                "name": "pango-harfbuzz-bo(69991)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69991"
              },
              {
                "name": "openSUSE-SU-2011:1120",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2011-10/msg00008.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-08-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "46371",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/46371"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://git.gnome.org/browse/pango/commit/pango/opentype/harfbuzz-gpos.c?id=a7a715480db66148b1f487528887508a7991dcd0"
            },
            {
              "name": "USN-1504-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1504-1"
            },
            {
              "name": "[oss-security] 20120824 Re: CVE request: libqt4: two memory issues",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2011/08/24/8"
            },
            {
              "name": "openSUSE-SU-2011:1119",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2011-10/msg00007.html"
            },
            {
              "name": "41537",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/41537"
            },
            {
              "name": "46410",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/46410"
            },
            {
              "name": "RHSA-2011:1327",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2011-1327.html"
            },
            {
              "name": "RHSA-2011:1325",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2011-1325.html"
            },
            {
              "name": "[oss-security] 20120822 CVE request: libqt4: two memory issues",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2011/08/22/6"
            },
            {
              "name": "46128",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/46128"
            },
            {
              "name": "RHSA-2011:1324",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2011-1324.html"
            },
            {
              "name": "[oss-security] 20120825 Re: CVE request: libqt4: two memory issues",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2011/08/25/1"
            },
            {
              "name": "49895",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/49895"
            },
            {
              "name": "46117",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/46117"
            },
            {
              "name": "RHSA-2011:1326",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2011-1326.html"
            },
            {
              "name": "46119",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/46119"
            },
            {
              "name": "49723",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/49723"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://cgit.freedesktop.org/harfbuzz/commit/src/harfbuzz-gpos.c?id=da2c52abcd75d46929b34cad55c4fb2c8892bc08"
            },
            {
              "name": "RHSA-2011:1323",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2011-1323.html"
            },
            {
              "name": "SUSE-SU-2011:1113",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "https://hermes.opensuse.org/messages/12056605"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://cgit.freedesktop.org/harfbuzz.old/commit/?id=81c8ef785b079980ad5b46be4fe7c7bf156dbf65"
            },
            {
              "name": "RHSA-2011:1328",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2011-1328.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://qt.gitorious.org/qt/qt/commit/9ae6f2f9a57f0c3096d5785913e437953fa6775c"
            },
            {
              "name": "75652",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/75652"
            },
            {
              "name": "46118",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/46118"
            },
            {
              "name": "pango-harfbuzz-bo(69991)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69991"
            },
            {
              "name": "openSUSE-SU-2011:1120",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2011-10/msg00008.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-3193",
        "datePublished": "2012-06-16T00:00:00.000Z",
        "dateReserved": "2011-08-19T00:00:00.000Z",
        "dateUpdated": "2024-08-06T23:29:55.288Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-0064 (GCVE-0-2011-0064)

    Vulnerability from nvd – Published: 2011-03-07 20:00 – Updated: 2024-08-06 21:43
    VLAI
    Summary
    The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ubuntu.com/usn/USN-1082-1 vendor-advisoryx_refsource_UBUNTU
    http://secunia.com/advisories/43578 third-party-advisoryx_refsource_SECUNIA
    http://cgit.freedesktop.org/harfbuzz/commit/?id=a… x_refsource_CONFIRM
    https://bugzilla.novell.com/show_bug.cgi?id=672502 x_refsource_CONFIRM
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://www.vupen.com/english/advisories/2011/0543 vdb-entryx_refsource_VUPEN
    http://www.vupen.com/english/advisories/2011/0555 vdb-entryx_refsource_VUPEN
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://bugzilla.redhat.com/show_bug.cgi?id=678563 x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2011/0558 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/43800 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    https://build.opensuse.org/request/show/63070 x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2011/0683 vdb-entryx_refsource_VUPEN
    http://securitytracker.com/id?1025145 vdb-entryx_refsource_SECTRACK
    https://bugzilla.mozilla.org/show_bug.cgi?id=606997 x_refsource_CONFIRM
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://secunia.com/advisories/43559 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/43572 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2011/0584 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/46632 vdb-entryx_refsource_BID
    http://www.redhat.com/support/errata/RHSA-2011-03… vendor-advisoryx_refsource_REDHAT
    http://www.debian.org/security/2011/dsa-2178 vendor-advisoryx_refsource_DEBIAN
    Date Public
    2011-03-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:43:13.993Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-1082-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1082-1"
              },
              {
                "name": "43578",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/43578"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://cgit.freedesktop.org/harfbuzz/commit/?id=a6a79df5fe2ed2cd307e7a991346faee164e70d9"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.novell.com/show_bug.cgi?id=672502"
              },
              {
                "name": "MDVSA-2011:040",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:040"
              },
              {
                "name": "ADV-2011-0543",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0543"
              },
              {
                "name": "ADV-2011-0555",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0555"
              },
              {
                "name": "SUSE-SR:2011:005",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=678563"
              },
              {
                "name": "ADV-2011-0558",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0558"
              },
              {
                "name": "43800",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/43800"
              },
              {
                "name": "pango-hbbufferensure-bo(65770)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65770"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://build.opensuse.org/request/show/63070"
              },
              {
                "name": "ADV-2011-0683",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0683"
              },
              {
                "name": "1025145",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1025145"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=606997"
              },
              {
                "name": "FEDORA-2011-3194",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056065.html"
              },
              {
                "name": "43559",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/43559"
              },
              {
                "name": "43572",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/43572"
              },
              {
                "name": "ADV-2011-0584",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0584"
              },
              {
                "name": "46632",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/46632"
              },
              {
                "name": "RHSA-2011:0309",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2011-0309.html"
              },
              {
                "name": "DSA-2178",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2011/dsa-2178"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-03-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "USN-1082-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1082-1"
            },
            {
              "name": "43578",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/43578"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://cgit.freedesktop.org/harfbuzz/commit/?id=a6a79df5fe2ed2cd307e7a991346faee164e70d9"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.novell.com/show_bug.cgi?id=672502"
            },
            {
              "name": "MDVSA-2011:040",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:040"
            },
            {
              "name": "ADV-2011-0543",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0543"
            },
            {
              "name": "ADV-2011-0555",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0555"
            },
            {
              "name": "SUSE-SR:2011:005",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=678563"
            },
            {
              "name": "ADV-2011-0558",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0558"
            },
            {
              "name": "43800",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/43800"
            },
            {
              "name": "pango-hbbufferensure-bo(65770)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65770"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://build.opensuse.org/request/show/63070"
            },
            {
              "name": "ADV-2011-0683",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0683"
            },
            {
              "name": "1025145",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1025145"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=606997"
            },
            {
              "name": "FEDORA-2011-3194",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056065.html"
            },
            {
              "name": "43559",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/43559"
            },
            {
              "name": "43572",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/43572"
            },
            {
              "name": "ADV-2011-0584",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0584"
            },
            {
              "name": "46632",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/46632"
            },
            {
              "name": "RHSA-2011:0309",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0309.html"
            },
            {
              "name": "DSA-2178",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2011/dsa-2178"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-0064",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "USN-1082-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-1082-1"
                },
                {
                  "name": "43578",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/43578"
                },
                {
                  "name": "http://cgit.freedesktop.org/harfbuzz/commit/?id=a6a79df5fe2ed2cd307e7a991346faee164e70d9",
                  "refsource": "CONFIRM",
                  "url": "http://cgit.freedesktop.org/harfbuzz/commit/?id=a6a79df5fe2ed2cd307e7a991346faee164e70d9"
                },
                {
                  "name": "https://bugzilla.novell.com/show_bug.cgi?id=672502",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.novell.com/show_bug.cgi?id=672502"
                },
                {
                  "name": "MDVSA-2011:040",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:040"
                },
                {
                  "name": "ADV-2011-0543",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2011/0543"
                },
                {
                  "name": "ADV-2011-0555",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2011/0555"
                },
                {
                  "name": "SUSE-SR:2011:005",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=678563",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=678563"
                },
                {
                  "name": "ADV-2011-0558",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2011/0558"
                },
                {
                  "name": "43800",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/43800"
                },
                {
                  "name": "pango-hbbufferensure-bo(65770)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65770"
                },
                {
                  "name": "https://build.opensuse.org/request/show/63070",
                  "refsource": "CONFIRM",
                  "url": "https://build.opensuse.org/request/show/63070"
                },
                {
                  "name": "ADV-2011-0683",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2011/0683"
                },
                {
                  "name": "1025145",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1025145"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=606997",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=606997"
                },
                {
                  "name": "FEDORA-2011-3194",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056065.html"
                },
                {
                  "name": "43559",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/43559"
                },
                {
                  "name": "43572",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/43572"
                },
                {
                  "name": "ADV-2011-0584",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2011/0584"
                },
                {
                  "name": "46632",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/46632"
                },
                {
                  "name": "RHSA-2011:0309",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2011-0309.html"
                },
                {
                  "name": "DSA-2178",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2011/dsa-2178"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-0064",
        "datePublished": "2011-03-07T20:00:00.000Z",
        "dateReserved": "2010-12-21T00:00:00.000Z",
        "dateUpdated": "2024-08-06T21:43:13.993Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-0020 (GCVE-0-2011-0020)

    Vulnerability from nvd – Published: 2011-01-24 17:00 – Updated: 2024-08-06 21:43
    VLAI
    Summary
    Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2011-01-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:43:14.022Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=671122"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.gnome.org/show_bug.cgi?id=639882"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.launchpad.net/ubuntu/+source/pango1.0/+bug/696616"
              },
              {
                "name": "1024994",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1024994"
              },
              {
                "name": "pango-pango-bo(64832)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64832"
              },
              {
                "name": "SUSE-SR:2011:005",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
              },
              {
                "name": "[oss-security] 20110118 CVE request: heap corruption in libpango",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2011/01/18/6"
              },
              {
                "name": "70596",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/70596"
              },
              {
                "name": "43100",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/43100"
              },
              {
                "name": "RHSA-2011:0180",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2011-0180.html"
              },
              {
                "name": "[oss-security] 20110120 Re: CVE request: heap corruption in libpango",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2011/01/20/2"
              },
              {
                "name": "ADV-2011-0186",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0186"
              },
              {
                "name": "42934",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/42934"
              },
              {
                "name": "45842",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/45842"
              },
              {
                "name": "ADV-2011-0238",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0238"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-01-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=671122"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=639882"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.launchpad.net/ubuntu/+source/pango1.0/+bug/696616"
            },
            {
              "name": "1024994",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1024994"
            },
            {
              "name": "pango-pango-bo(64832)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64832"
            },
            {
              "name": "SUSE-SR:2011:005",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
            },
            {
              "name": "[oss-security] 20110118 CVE request: heap corruption in libpango",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2011/01/18/6"
            },
            {
              "name": "70596",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/70596"
            },
            {
              "name": "43100",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/43100"
            },
            {
              "name": "RHSA-2011:0180",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0180.html"
            },
            {
              "name": "[oss-security] 20110120 Re: CVE request: heap corruption in libpango",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2011/01/20/2"
            },
            {
              "name": "ADV-2011-0186",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0186"
            },
            {
              "name": "42934",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/42934"
            },
            {
              "name": "45842",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/45842"
            },
            {
              "name": "ADV-2011-0238",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0238"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-0020",
        "datePublished": "2011-01-24T17:00:00.000Z",
        "dateReserved": "2010-12-07T00:00:00.000Z",
        "dateUpdated": "2024-08-06T21:43:14.022Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-0421 (GCVE-0-2010-0421)

    Vulnerability from nvd – Published: 2010-03-18 17:12 – Updated: 2024-08-07 00:45
    VLAI
    Summary
    Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted font file, related to building a synthetic Glyph Definition (aka GDEF) table by using this font's charmap and the Unicode property database.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2010-03-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:45:12.277Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "MDVSA-2010:121",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:121"
              },
              {
                "name": "ADV-2010-1552",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/1552"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=555831"
              },
              {
                "name": "oval:org.mitre.oval:def:9417",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9417"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://ftp.gnome.org/pub/GNOME/sources/pango/1.27/pango-1.27.1.tar.bz2"
              },
              {
                "name": "39041",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/39041"
              },
              {
                "name": "DSA-2019",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2010/dsa-2019"
              },
              {
                "name": "RHSA-2010:0140",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2010-0140.html"
              },
              {
                "name": "SUSE-SR:2010:013",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
              },
              {
                "name": "ADV-2010-0661",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/0661"
              },
              {
                "name": "SUSE-SR:2010:009",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html"
              },
              {
                "name": "SUSE-SR:2010:012",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
              },
              {
                "name": "38760",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/38760"
              },
              {
                "name": "ADV-2010-0627",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/0627"
              },
              {
                "name": "1023711",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1023711"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-03-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted font file, related to building a synthetic Glyph Definition (aka GDEF) table by using this font\u0027s charmap and the Unicode property database."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-18T12:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "MDVSA-2010:121",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:121"
            },
            {
              "name": "ADV-2010-1552",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/1552"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=555831"
            },
            {
              "name": "oval:org.mitre.oval:def:9417",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9417"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://ftp.gnome.org/pub/GNOME/sources/pango/1.27/pango-1.27.1.tar.bz2"
            },
            {
              "name": "39041",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/39041"
            },
            {
              "name": "DSA-2019",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2010/dsa-2019"
            },
            {
              "name": "RHSA-2010:0140",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0140.html"
            },
            {
              "name": "SUSE-SR:2010:013",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
            },
            {
              "name": "ADV-2010-0661",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/0661"
            },
            {
              "name": "SUSE-SR:2010:009",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html"
            },
            {
              "name": "SUSE-SR:2010:012",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
            },
            {
              "name": "38760",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/38760"
            },
            {
              "name": "ADV-2010-0627",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/0627"
            },
            {
              "name": "1023711",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1023711"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2010-0421",
        "datePublished": "2010-03-18T17:12:00.000Z",
        "dateReserved": "2010-01-27T00:00:00.000Z",
        "dateUpdated": "2024-08-07T00:45:12.277Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1010238 (GCVE-0-2019-1010238)

    Vulnerability from cvelistv5 – Published: 2019-07-19 16:42 – Updated: 2024-08-05 03:07
    VLAI
    Summary
    Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize.
    Severity
    No CVSS data available.
    CWE
    • Buffer Overflow
    Assigner
    dwf
    References
    URL Tags
    https://usn.ubuntu.com/4081-1/ vendor-advisoryx_refsource_UBUNTU
    https://www.debian.org/security/2019/dsa-4496 vendor-advisoryx_refsource_DEBIAN
    https://seclists.org/bugtraq/2019/Aug/14 mailing-listx_refsource_BUGTRAQ
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    https://access.redhat.com/errata/RHSA-2019:2571 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:2582 vendor-advisoryx_refsource_REDHAT
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    https://security.gentoo.org/glsa/201909-03 vendor-advisoryx_refsource_GENTOO
    https://access.redhat.com/errata/RHSA-2019:2594 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHBA-2019:2824 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2019:3234 vendor-advisoryx_refsource_REDHAT
    https://www.oracle.com/security-alerts/cpuapr2020.html x_refsource_MISC
    https://gitlab.gnome.org/GNOME/pango/-/commits/ma… x_refsource_MISC
    https://gitlab.gnome.org/GNOME/pango/-/issues/342 x_refsource_MISC
    Impacted products
    Vendor Product Version
    Gnome Pango Affected: 1.42 and later
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:07:18.524Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-4081-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4081-1/"
              },
              {
                "name": "DSA-4496",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2019/dsa-4496"
              },
              {
                "name": "20190812 [SECURITY] [DSA 4496-1] pango1.0 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Aug/14"
              },
              {
                "name": "FEDORA-2019-547be4a683",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D6HWAHXJ2ZXINYMANHPFDDCJFWUQ57M4/"
              },
              {
                "name": "RHSA-2019:2571",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:2571"
              },
              {
                "name": "RHSA-2019:2582",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:2582"
              },
              {
                "name": "FEDORA-2019-155e34df5a",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VFFF4FY7SCAYT3EKTYPGRN6BVKZTH7Y7/"
              },
              {
                "name": "GLSA-201909-03",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201909-03"
              },
              {
                "name": "RHSA-2019:2594",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:2594"
              },
              {
                "name": "RHBA-2019:2824",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHBA-2019:2824"
              },
              {
                "name": "RHSA-2019:3234",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3234"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://gitlab.gnome.org/GNOME/pango/-/commits/main/pango/pango-bidi-type.c"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://gitlab.gnome.org/GNOME/pango/-/issues/342"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Pango",
              "vendor": "Gnome",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.42 and later"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-10T14:37:52.000Z",
            "orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
            "shortName": "dwf"
          },
          "references": [
            {
              "name": "USN-4081-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4081-1/"
            },
            {
              "name": "DSA-4496",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2019/dsa-4496"
            },
            {
              "name": "20190812 [SECURITY] [DSA 4496-1] pango1.0 security update",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Aug/14"
            },
            {
              "name": "FEDORA-2019-547be4a683",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D6HWAHXJ2ZXINYMANHPFDDCJFWUQ57M4/"
            },
            {
              "name": "RHSA-2019:2571",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2571"
            },
            {
              "name": "RHSA-2019:2582",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2582"
            },
            {
              "name": "FEDORA-2019-155e34df5a",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VFFF4FY7SCAYT3EKTYPGRN6BVKZTH7Y7/"
            },
            {
              "name": "GLSA-201909-03",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201909-03"
            },
            {
              "name": "RHSA-2019:2594",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2594"
            },
            {
              "name": "RHBA-2019:2824",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHBA-2019:2824"
            },
            {
              "name": "RHSA-2019:3234",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3234"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://gitlab.gnome.org/GNOME/pango/-/commits/main/pango/pango-bidi-type.c"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://gitlab.gnome.org/GNOME/pango/-/issues/342"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@distributedweaknessfiling.org",
              "ID": "CVE-2019-1010238",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Pango",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.42 and later"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Gnome"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "USN-4081-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4081-1/"
                },
                {
                  "name": "DSA-4496",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2019/dsa-4496"
                },
                {
                  "name": "20190812 [SECURITY] [DSA 4496-1] pango1.0 security update",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Aug/14"
                },
                {
                  "name": "FEDORA-2019-547be4a683",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6HWAHXJ2ZXINYMANHPFDDCJFWUQ57M4/"
                },
                {
                  "name": "RHSA-2019:2571",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:2571"
                },
                {
                  "name": "RHSA-2019:2582",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:2582"
                },
                {
                  "name": "FEDORA-2019-155e34df5a",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VFFF4FY7SCAYT3EKTYPGRN6BVKZTH7Y7/"
                },
                {
                  "name": "GLSA-201909-03",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201909-03"
                },
                {
                  "name": "RHSA-2019:2594",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:2594"
                },
                {
                  "name": "RHBA-2019:2824",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHBA-2019:2824"
                },
                {
                  "name": "RHSA-2019:3234",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2019:3234"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
                },
                {
                  "name": "https://gitlab.gnome.org/GNOME/pango/-/commits/main/pango/pango-bidi-type.c",
                  "refsource": "MISC",
                  "url": "https://gitlab.gnome.org/GNOME/pango/-/commits/main/pango/pango-bidi-type.c"
                },
                {
                  "name": "https://gitlab.gnome.org/GNOME/pango/-/issues/342",
                  "refsource": "MISC",
                  "url": "https://gitlab.gnome.org/GNOME/pango/-/issues/342"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
        "assignerShortName": "dwf",
        "cveId": "CVE-2019-1010238",
        "datePublished": "2019-07-19T16:42:41.000Z",
        "dateReserved": "2019-03-20T00:00:00.000Z",
        "dateUpdated": "2024-08-05T03:07:18.524Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-15120 (GCVE-0-2018-15120)

    Vulnerability from cvelistv5 – Published: 2018-08-24 19:00 – Updated: 2024-08-05 09:46
    VLAI
    Summary
    libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2018-08-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:46:25.320Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "45263",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45263/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/GNOME/pango/blob/1.42.4/NEWS"
              },
              {
                "name": "USN-3750-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3750-1/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/GNOME/pango/commit/71aaeaf020340412b8d012fe23a556c0420eda5f"
              },
              {
                "name": "GLSA-201811-07",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201811-07"
              },
              {
                "name": "[distributor-list] 20180820 A critical pango fix",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://mail.gnome.org/archives/distributor-list/2018-August/msg00001.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://52.117.224.77/xfce4-pdos.webm"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.ign.com/articles/2018/10/16/ps4s-are-reportedly-being-bricked-and-sony-is-working-on-a-fix"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.reddit.com/r/PS4/comments/9o5efg/message_bricking_console_megathread/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/45263"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://i.redd.it/v7p4n2ptu0s11.jpg"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-08-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-12T21:22:23.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "45263",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/45263/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/GNOME/pango/blob/1.42.4/NEWS"
            },
            {
              "name": "USN-3750-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3750-1/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/GNOME/pango/commit/71aaeaf020340412b8d012fe23a556c0420eda5f"
            },
            {
              "name": "GLSA-201811-07",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201811-07"
            },
            {
              "name": "[distributor-list] 20180820 A critical pango fix",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://mail.gnome.org/archives/distributor-list/2018-August/msg00001.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://52.117.224.77/xfce4-pdos.webm"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.ign.com/articles/2018/10/16/ps4s-are-reportedly-being-bricked-and-sony-is-working-on-a-fix"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.reddit.com/r/PS4/comments/9o5efg/message_bricking_console_megathread/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.exploit-db.com/exploits/45263"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://i.redd.it/v7p4n2ptu0s11.jpg"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-15120",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "45263",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/45263/"
                },
                {
                  "name": "https://github.com/GNOME/pango/blob/1.42.4/NEWS",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/GNOME/pango/blob/1.42.4/NEWS"
                },
                {
                  "name": "USN-3750-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3750-1/"
                },
                {
                  "name": "https://github.com/GNOME/pango/commit/71aaeaf020340412b8d012fe23a556c0420eda5f",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/GNOME/pango/commit/71aaeaf020340412b8d012fe23a556c0420eda5f"
                },
                {
                  "name": "GLSA-201811-07",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201811-07"
                },
                {
                  "name": "[distributor-list] 20180820 A critical pango fix",
                  "refsource": "MLIST",
                  "url": "https://mail.gnome.org/archives/distributor-list/2018-August/msg00001.html"
                },
                {
                  "name": "http://52.117.224.77/xfce4-pdos.webm",
                  "refsource": "MISC",
                  "url": "http://52.117.224.77/xfce4-pdos.webm"
                },
                {
                  "name": "https://www.ign.com/articles/2018/10/16/ps4s-are-reportedly-being-bricked-and-sony-is-working-on-a-fix",
                  "refsource": "MISC",
                  "url": "https://www.ign.com/articles/2018/10/16/ps4s-are-reportedly-being-bricked-and-sony-is-working-on-a-fix"
                },
                {
                  "name": "https://www.reddit.com/r/PS4/comments/9o5efg/message_bricking_console_megathread/",
                  "refsource": "MISC",
                  "url": "https://www.reddit.com/r/PS4/comments/9o5efg/message_bricking_console_megathread/"
                },
                {
                  "name": "https://www.exploit-db.com/exploits/45263",
                  "refsource": "MISC",
                  "url": "https://www.exploit-db.com/exploits/45263"
                },
                {
                  "name": "https://i.redd.it/v7p4n2ptu0s11.jpg",
                  "refsource": "MISC",
                  "url": "https://i.redd.it/v7p4n2ptu0s11.jpg"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-15120",
        "datePublished": "2018-08-24T19:00:00.000Z",
        "dateReserved": "2018-08-06T00:00:00.000Z",
        "dateUpdated": "2024-08-05T09:46:25.320Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-3193 (GCVE-0-2011-3193)

    Vulnerability from cvelistv5 – Published: 2012-06-16 00:00 – Updated: 2024-08-06 23:29
    VLAI
    Summary
    Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/46371 third-party-advisoryx_refsource_SECUNIA
    http://git.gnome.org/browse/pango/commit/pango/op… x_refsource_MISC
    http://www.ubuntu.com/usn/USN-1504-1 vendor-advisoryx_refsource_UBUNTU
    http://www.openwall.com/lists/oss-security/2011/08/24/8 mailing-listx_refsource_MLIST
    http://lists.opensuse.org/opensuse-updates/2011-1… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/41537 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/46410 third-party-advisoryx_refsource_SECUNIA
    http://rhn.redhat.com/errata/RHSA-2011-1327.html vendor-advisoryx_refsource_REDHAT
    http://rhn.redhat.com/errata/RHSA-2011-1325.html vendor-advisoryx_refsource_REDHAT
    http://www.openwall.com/lists/oss-security/2011/08/22/6 mailing-listx_refsource_MLIST
    http://secunia.com/advisories/46128 third-party-advisoryx_refsource_SECUNIA
    http://rhn.redhat.com/errata/RHSA-2011-1324.html vendor-advisoryx_refsource_REDHAT
    http://www.openwall.com/lists/oss-security/2011/08/25/1 mailing-listx_refsource_MLIST
    http://secunia.com/advisories/49895 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/46117 third-party-advisoryx_refsource_SECUNIA
    http://rhn.redhat.com/errata/RHSA-2011-1326.html vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/46119 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/49723 vdb-entryx_refsource_BID
    http://cgit.freedesktop.org/harfbuzz/commit/src/h… x_refsource_MISC
    http://rhn.redhat.com/errata/RHSA-2011-1323.html vendor-advisoryx_refsource_REDHAT
    https://hermes.opensuse.org/messages/12056605 vendor-advisoryx_refsource_SUSE
    http://cgit.freedesktop.org/harfbuzz.old/commit/?… x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2011-1328.html vendor-advisoryx_refsource_REDHAT
    https://qt.gitorious.org/qt/qt/commit/9ae6f2f9a57… x_refsource_CONFIRM
    http://www.osvdb.org/75652 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/46118 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://lists.opensuse.org/opensuse-updates/2011-1… vendor-advisoryx_refsource_SUSE
    Date Public
    2011-08-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T23:29:55.288Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "46371",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/46371"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://git.gnome.org/browse/pango/commit/pango/opentype/harfbuzz-gpos.c?id=a7a715480db66148b1f487528887508a7991dcd0"
              },
              {
                "name": "USN-1504-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1504-1"
              },
              {
                "name": "[oss-security] 20120824 Re: CVE request: libqt4: two memory issues",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2011/08/24/8"
              },
              {
                "name": "openSUSE-SU-2011:1119",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2011-10/msg00007.html"
              },
              {
                "name": "41537",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/41537"
              },
              {
                "name": "46410",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/46410"
              },
              {
                "name": "RHSA-2011:1327",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2011-1327.html"
              },
              {
                "name": "RHSA-2011:1325",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2011-1325.html"
              },
              {
                "name": "[oss-security] 20120822 CVE request: libqt4: two memory issues",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2011/08/22/6"
              },
              {
                "name": "46128",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/46128"
              },
              {
                "name": "RHSA-2011:1324",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2011-1324.html"
              },
              {
                "name": "[oss-security] 20120825 Re: CVE request: libqt4: two memory issues",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2011/08/25/1"
              },
              {
                "name": "49895",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/49895"
              },
              {
                "name": "46117",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/46117"
              },
              {
                "name": "RHSA-2011:1326",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2011-1326.html"
              },
              {
                "name": "46119",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/46119"
              },
              {
                "name": "49723",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/49723"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://cgit.freedesktop.org/harfbuzz/commit/src/harfbuzz-gpos.c?id=da2c52abcd75d46929b34cad55c4fb2c8892bc08"
              },
              {
                "name": "RHSA-2011:1323",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2011-1323.html"
              },
              {
                "name": "SUSE-SU-2011:1113",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "https://hermes.opensuse.org/messages/12056605"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://cgit.freedesktop.org/harfbuzz.old/commit/?id=81c8ef785b079980ad5b46be4fe7c7bf156dbf65"
              },
              {
                "name": "RHSA-2011:1328",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2011-1328.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://qt.gitorious.org/qt/qt/commit/9ae6f2f9a57f0c3096d5785913e437953fa6775c"
              },
              {
                "name": "75652",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/75652"
              },
              {
                "name": "46118",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/46118"
              },
              {
                "name": "pango-harfbuzz-bo(69991)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69991"
              },
              {
                "name": "openSUSE-SU-2011:1120",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2011-10/msg00008.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-08-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "46371",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/46371"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://git.gnome.org/browse/pango/commit/pango/opentype/harfbuzz-gpos.c?id=a7a715480db66148b1f487528887508a7991dcd0"
            },
            {
              "name": "USN-1504-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1504-1"
            },
            {
              "name": "[oss-security] 20120824 Re: CVE request: libqt4: two memory issues",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2011/08/24/8"
            },
            {
              "name": "openSUSE-SU-2011:1119",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2011-10/msg00007.html"
            },
            {
              "name": "41537",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/41537"
            },
            {
              "name": "46410",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/46410"
            },
            {
              "name": "RHSA-2011:1327",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2011-1327.html"
            },
            {
              "name": "RHSA-2011:1325",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2011-1325.html"
            },
            {
              "name": "[oss-security] 20120822 CVE request: libqt4: two memory issues",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2011/08/22/6"
            },
            {
              "name": "46128",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/46128"
            },
            {
              "name": "RHSA-2011:1324",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2011-1324.html"
            },
            {
              "name": "[oss-security] 20120825 Re: CVE request: libqt4: two memory issues",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2011/08/25/1"
            },
            {
              "name": "49895",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/49895"
            },
            {
              "name": "46117",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/46117"
            },
            {
              "name": "RHSA-2011:1326",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2011-1326.html"
            },
            {
              "name": "46119",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/46119"
            },
            {
              "name": "49723",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/49723"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://cgit.freedesktop.org/harfbuzz/commit/src/harfbuzz-gpos.c?id=da2c52abcd75d46929b34cad55c4fb2c8892bc08"
            },
            {
              "name": "RHSA-2011:1323",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2011-1323.html"
            },
            {
              "name": "SUSE-SU-2011:1113",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "https://hermes.opensuse.org/messages/12056605"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://cgit.freedesktop.org/harfbuzz.old/commit/?id=81c8ef785b079980ad5b46be4fe7c7bf156dbf65"
            },
            {
              "name": "RHSA-2011:1328",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2011-1328.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://qt.gitorious.org/qt/qt/commit/9ae6f2f9a57f0c3096d5785913e437953fa6775c"
            },
            {
              "name": "75652",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/75652"
            },
            {
              "name": "46118",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/46118"
            },
            {
              "name": "pango-harfbuzz-bo(69991)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69991"
            },
            {
              "name": "openSUSE-SU-2011:1120",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2011-10/msg00008.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-3193",
        "datePublished": "2012-06-16T00:00:00.000Z",
        "dateReserved": "2011-08-19T00:00:00.000Z",
        "dateUpdated": "2024-08-06T23:29:55.288Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-0064 (GCVE-0-2011-0064)

    Vulnerability from cvelistv5 – Published: 2011-03-07 20:00 – Updated: 2024-08-06 21:43
    VLAI
    Summary
    The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.ubuntu.com/usn/USN-1082-1 vendor-advisoryx_refsource_UBUNTU
    http://secunia.com/advisories/43578 third-party-advisoryx_refsource_SECUNIA
    http://cgit.freedesktop.org/harfbuzz/commit/?id=a… x_refsource_CONFIRM
    https://bugzilla.novell.com/show_bug.cgi?id=672502 x_refsource_CONFIRM
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://www.vupen.com/english/advisories/2011/0543 vdb-entryx_refsource_VUPEN
    http://www.vupen.com/english/advisories/2011/0555 vdb-entryx_refsource_VUPEN
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://bugzilla.redhat.com/show_bug.cgi?id=678563 x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2011/0558 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/43800 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    https://build.opensuse.org/request/show/63070 x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2011/0683 vdb-entryx_refsource_VUPEN
    http://securitytracker.com/id?1025145 vdb-entryx_refsource_SECTRACK
    https://bugzilla.mozilla.org/show_bug.cgi?id=606997 x_refsource_CONFIRM
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://secunia.com/advisories/43559 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/43572 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2011/0584 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/46632 vdb-entryx_refsource_BID
    http://www.redhat.com/support/errata/RHSA-2011-03… vendor-advisoryx_refsource_REDHAT
    http://www.debian.org/security/2011/dsa-2178 vendor-advisoryx_refsource_DEBIAN
    Date Public
    2011-03-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:43:13.993Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-1082-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1082-1"
              },
              {
                "name": "43578",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/43578"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://cgit.freedesktop.org/harfbuzz/commit/?id=a6a79df5fe2ed2cd307e7a991346faee164e70d9"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.novell.com/show_bug.cgi?id=672502"
              },
              {
                "name": "MDVSA-2011:040",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:040"
              },
              {
                "name": "ADV-2011-0543",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0543"
              },
              {
                "name": "ADV-2011-0555",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0555"
              },
              {
                "name": "SUSE-SR:2011:005",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=678563"
              },
              {
                "name": "ADV-2011-0558",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0558"
              },
              {
                "name": "43800",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/43800"
              },
              {
                "name": "pango-hbbufferensure-bo(65770)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65770"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://build.opensuse.org/request/show/63070"
              },
              {
                "name": "ADV-2011-0683",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0683"
              },
              {
                "name": "1025145",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1025145"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=606997"
              },
              {
                "name": "FEDORA-2011-3194",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056065.html"
              },
              {
                "name": "43559",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/43559"
              },
              {
                "name": "43572",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/43572"
              },
              {
                "name": "ADV-2011-0584",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0584"
              },
              {
                "name": "46632",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/46632"
              },
              {
                "name": "RHSA-2011:0309",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2011-0309.html"
              },
              {
                "name": "DSA-2178",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2011/dsa-2178"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-03-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "USN-1082-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1082-1"
            },
            {
              "name": "43578",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/43578"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://cgit.freedesktop.org/harfbuzz/commit/?id=a6a79df5fe2ed2cd307e7a991346faee164e70d9"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.novell.com/show_bug.cgi?id=672502"
            },
            {
              "name": "MDVSA-2011:040",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:040"
            },
            {
              "name": "ADV-2011-0543",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0543"
            },
            {
              "name": "ADV-2011-0555",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0555"
            },
            {
              "name": "SUSE-SR:2011:005",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=678563"
            },
            {
              "name": "ADV-2011-0558",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0558"
            },
            {
              "name": "43800",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/43800"
            },
            {
              "name": "pango-hbbufferensure-bo(65770)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65770"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://build.opensuse.org/request/show/63070"
            },
            {
              "name": "ADV-2011-0683",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0683"
            },
            {
              "name": "1025145",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1025145"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=606997"
            },
            {
              "name": "FEDORA-2011-3194",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056065.html"
            },
            {
              "name": "43559",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/43559"
            },
            {
              "name": "43572",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/43572"
            },
            {
              "name": "ADV-2011-0584",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0584"
            },
            {
              "name": "46632",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/46632"
            },
            {
              "name": "RHSA-2011:0309",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0309.html"
            },
            {
              "name": "DSA-2178",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2011/dsa-2178"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-0064",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "USN-1082-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-1082-1"
                },
                {
                  "name": "43578",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/43578"
                },
                {
                  "name": "http://cgit.freedesktop.org/harfbuzz/commit/?id=a6a79df5fe2ed2cd307e7a991346faee164e70d9",
                  "refsource": "CONFIRM",
                  "url": "http://cgit.freedesktop.org/harfbuzz/commit/?id=a6a79df5fe2ed2cd307e7a991346faee164e70d9"
                },
                {
                  "name": "https://bugzilla.novell.com/show_bug.cgi?id=672502",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.novell.com/show_bug.cgi?id=672502"
                },
                {
                  "name": "MDVSA-2011:040",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:040"
                },
                {
                  "name": "ADV-2011-0543",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2011/0543"
                },
                {
                  "name": "ADV-2011-0555",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2011/0555"
                },
                {
                  "name": "SUSE-SR:2011:005",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=678563",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=678563"
                },
                {
                  "name": "ADV-2011-0558",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2011/0558"
                },
                {
                  "name": "43800",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/43800"
                },
                {
                  "name": "pango-hbbufferensure-bo(65770)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65770"
                },
                {
                  "name": "https://build.opensuse.org/request/show/63070",
                  "refsource": "CONFIRM",
                  "url": "https://build.opensuse.org/request/show/63070"
                },
                {
                  "name": "ADV-2011-0683",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2011/0683"
                },
                {
                  "name": "1025145",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1025145"
                },
                {
                  "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=606997",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=606997"
                },
                {
                  "name": "FEDORA-2011-3194",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056065.html"
                },
                {
                  "name": "43559",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/43559"
                },
                {
                  "name": "43572",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/43572"
                },
                {
                  "name": "ADV-2011-0584",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2011/0584"
                },
                {
                  "name": "46632",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/46632"
                },
                {
                  "name": "RHSA-2011:0309",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2011-0309.html"
                },
                {
                  "name": "DSA-2178",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2011/dsa-2178"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-0064",
        "datePublished": "2011-03-07T20:00:00.000Z",
        "dateReserved": "2010-12-21T00:00:00.000Z",
        "dateUpdated": "2024-08-06T21:43:13.993Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-0020 (GCVE-0-2011-0020)

    Vulnerability from cvelistv5 – Published: 2011-01-24 17:00 – Updated: 2024-08-06 21:43
    VLAI
    Summary
    Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2011-01-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:43:14.022Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=671122"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.gnome.org/show_bug.cgi?id=639882"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.launchpad.net/ubuntu/+source/pango1.0/+bug/696616"
              },
              {
                "name": "1024994",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1024994"
              },
              {
                "name": "pango-pango-bo(64832)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64832"
              },
              {
                "name": "SUSE-SR:2011:005",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
              },
              {
                "name": "[oss-security] 20110118 CVE request: heap corruption in libpango",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2011/01/18/6"
              },
              {
                "name": "70596",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/70596"
              },
              {
                "name": "43100",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/43100"
              },
              {
                "name": "RHSA-2011:0180",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2011-0180.html"
              },
              {
                "name": "[oss-security] 20110120 Re: CVE request: heap corruption in libpango",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://openwall.com/lists/oss-security/2011/01/20/2"
              },
              {
                "name": "ADV-2011-0186",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0186"
              },
              {
                "name": "42934",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/42934"
              },
              {
                "name": "45842",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/45842"
              },
              {
                "name": "ADV-2011-0238",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/0238"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-01-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=671122"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=639882"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.launchpad.net/ubuntu/+source/pango1.0/+bug/696616"
            },
            {
              "name": "1024994",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1024994"
            },
            {
              "name": "pango-pango-bo(64832)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64832"
            },
            {
              "name": "SUSE-SR:2011:005",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
            },
            {
              "name": "[oss-security] 20110118 CVE request: heap corruption in libpango",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2011/01/18/6"
            },
            {
              "name": "70596",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/70596"
            },
            {
              "name": "43100",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/43100"
            },
            {
              "name": "RHSA-2011:0180",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2011-0180.html"
            },
            {
              "name": "[oss-security] 20110120 Re: CVE request: heap corruption in libpango",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://openwall.com/lists/oss-security/2011/01/20/2"
            },
            {
              "name": "ADV-2011-0186",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0186"
            },
            {
              "name": "42934",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/42934"
            },
            {
              "name": "45842",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/45842"
            },
            {
              "name": "ADV-2011-0238",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/0238"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-0020",
        "datePublished": "2011-01-24T17:00:00.000Z",
        "dateReserved": "2010-12-07T00:00:00.000Z",
        "dateUpdated": "2024-08-06T21:43:14.022Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-0421 (GCVE-0-2010-0421)

    Vulnerability from cvelistv5 – Published: 2010-03-18 17:12 – Updated: 2024-08-07 00:45
    VLAI
    Summary
    Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted font file, related to building a synthetic Glyph Definition (aka GDEF) table by using this font's charmap and the Unicode property database.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2010-03-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:45:12.277Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "MDVSA-2010:121",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:121"
              },
              {
                "name": "ADV-2010-1552",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/1552"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=555831"
              },
              {
                "name": "oval:org.mitre.oval:def:9417",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9417"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://ftp.gnome.org/pub/GNOME/sources/pango/1.27/pango-1.27.1.tar.bz2"
              },
              {
                "name": "39041",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/39041"
              },
              {
                "name": "DSA-2019",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2010/dsa-2019"
              },
              {
                "name": "RHSA-2010:0140",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2010-0140.html"
              },
              {
                "name": "SUSE-SR:2010:013",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
              },
              {
                "name": "ADV-2010-0661",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/0661"
              },
              {
                "name": "SUSE-SR:2010:009",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html"
              },
              {
                "name": "SUSE-SR:2010:012",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
              },
              {
                "name": "38760",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/38760"
              },
              {
                "name": "ADV-2010-0627",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/0627"
              },
              {
                "name": "1023711",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1023711"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-03-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted font file, related to building a synthetic Glyph Definition (aka GDEF) table by using this font\u0027s charmap and the Unicode property database."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-18T12:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "MDVSA-2010:121",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:121"
            },
            {
              "name": "ADV-2010-1552",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/1552"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=555831"
            },
            {
              "name": "oval:org.mitre.oval:def:9417",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9417"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://ftp.gnome.org/pub/GNOME/sources/pango/1.27/pango-1.27.1.tar.bz2"
            },
            {
              "name": "39041",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/39041"
            },
            {
              "name": "DSA-2019",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2010/dsa-2019"
            },
            {
              "name": "RHSA-2010:0140",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0140.html"
            },
            {
              "name": "SUSE-SR:2010:013",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
            },
            {
              "name": "ADV-2010-0661",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/0661"
            },
            {
              "name": "SUSE-SR:2010:009",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html"
            },
            {
              "name": "SUSE-SR:2010:012",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
            },
            {
              "name": "38760",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/38760"
            },
            {
              "name": "ADV-2010-0627",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/0627"
            },
            {
              "name": "1023711",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1023711"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2010-0421",
        "datePublished": "2010-03-18T17:12:00.000Z",
        "dateReserved": "2010-01-27T00:00:00.000Z",
        "dateUpdated": "2024-08-07T00:45:12.277Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }