Lucene search

K

[email protected]CVE-2009-1194

HistoryMay 11, 2009 - 3:30 p.m.

CVE-2009-1194

2009-05-1115:30:00

CWE-189

[email protected]

web.nvd.nist.gov

45

cve-2009-1194

integer overflow

pango

buffer overflow

denial of service

arbitrary code execution

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.1 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.6%

Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow, as demonstrated by a long document.location value in Firefox.

Affected configurations

NVD

Node

pangopangoRange≤1.22

OR

pangopangoMatch1.2

OR

pangopangoMatch1.4

OR

pangopangoMatch1.6

OR

pangopangoMatch1.8

OR

pangopangoMatch1.10

OR

pangopangoMatch1.12

OR

pangopangoMatch1.14

OR

pangopangoMatch1.16

OR

pangopangoMatch1.18

OR

pangopangoMatch1.20

CPENameOperatorVersion
pango:pangopangole1.22
pango:pangopangoeq1.2
pango:pangopangoeq1.4
pango:pangopangoeq1.6
pango:pangopangoeq1.8
pango:pangopangoeq1.10
pango:pangopangoeq1.12
pango:pangopangoeq1.14
pango:pangopangoeq1.16
pango:pangopangoeq1.18

Rows per page:

1-10 of 111

References

github.com/bratsche/pango/commit/4de30e5500eaeb49f4bf0b7a07f718e149a2ed5e

lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html

lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html

lists.opensuse.org/opensuse-security-announce/2009-08/msg00002.html

osvdb.org/54279

secunia.com/advisories/35018

secunia.com/advisories/35021

secunia.com/advisories/35027

secunia.com/advisories/35038

secunia.com/advisories/35685

secunia.com/advisories/35914

secunia.com/advisories/36005

secunia.com/advisories/36145

sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1

www.debian.org/security/2009/dsa-1798

www.mozilla.org/security/announce/2009/mfsa2009-36.html

www.ocert.org/advisories/ocert-2009-001.html

www.openwall.com/lists/oss-security/2009/05/07/1

www.redhat.com/support/errata/RHSA-2009-0476.html

www.securityfocus.com/archive/1/503349/100/0/threaded

www.securityfocus.com/bid/34870

www.securityfocus.com/bid/35758

www.securitytracker.com/id?1022196

www.ubuntu.com/usn/USN-773-1

www.vupen.com/english/advisories/2009/1269

www.vupen.com/english/advisories/2009/1972

bugzilla.mozilla.org/show_bug.cgi?id=480134

bugzilla.redhat.com/show_bug.cgi?id=496887

exchange.xforce.ibmcloud.com/vulnerabilities/50397

launchpad.net/bugs/cve/2009-1194

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10137

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.1 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.6%

Related for CVE-2009-1194

freebsd1 nessus26 openvas37 securityvulns4 nvd2 debian1 cvelist2 veracode1 centos1 oraclelinux1 ubuntucve1 debiancve1 redhat1 ubuntu1 prion2 cve1 mozilla1 gentoo1 suse2 seebug1