Lucene search

[email protected]CVE-2011-3193

HistoryJun 16, 2012 - 12:55 a.m.

CVE-2011-3193

2012-06-1600:55:03

CWE-787

[email protected]

web.nvd.nist.gov

cve-2011-3193

information security

buffer overflow

denial of service

remote code execution

font file

vulnerability

nvd

harfbuzz

pango

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.8 High

AI Score

Confidence

Low

0.022 Low

EPSS

Percentile

89.5%

JSON

Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.

Affected configurations

NVD

Node

gnomepangoRange<1.25.1

qtqtRange<4.7.4

Node

canonicalubuntu_linuxMatch10.04-

canonicalubuntu_linuxMatch11.04

Node

redhatenterprise_linux_desktopMatch4.0

redhatenterprise_linux_desktopMatch5.0

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_eusMatch6.1

redhatenterprise_linux_serverMatch4.0

redhatenterprise_linux_serverMatch5.0

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_workstationMatch4.0

redhatenterprise_linux_workstationMatch5.0

redhatenterprise_linux_workstationMatch6.0

Node

opensuseopensuseMatch11.3

opensuseopensuseMatch11.4

CPENameOperatorVersion
gnome:pangognome pangolt1.25.1
qt:qtqtlt4.7.4

CPE	Name	Operator	Version
gnome:pango	gnome pango	lt	1.25.1
qt:qt	qt	lt	4.7.4

References

cgit.freedesktop.org/harfbuzz.old/commit/?id=81c8ef785b079980ad5b46be4fe7c7bf156dbf65

cgit.freedesktop.org/harfbuzz/commit/src/harfbuzz-gpos.c?id=da2c52abcd75d46929b34cad55c4fb2c8892bc08

git.gnome.org/browse/pango/commit/pango/opentype/harfbuzz-gpos.c?id=a7a715480db66148b1f487528887508a7991dcd0

lists.opensuse.org/opensuse-updates/2011-10/msg00007.html

lists.opensuse.org/opensuse-updates/2011-10/msg00008.html

rhn.redhat.com/errata/RHSA-2011-1323.html

rhn.redhat.com/errata/RHSA-2011-1324.html

rhn.redhat.com/errata/RHSA-2011-1325.html

rhn.redhat.com/errata/RHSA-2011-1326.html

rhn.redhat.com/errata/RHSA-2011-1327.html

rhn.redhat.com/errata/RHSA-2011-1328.html

secunia.com/advisories/41537

secunia.com/advisories/46117

secunia.com/advisories/46118

secunia.com/advisories/46119

secunia.com/advisories/46128

secunia.com/advisories/46371

secunia.com/advisories/46410

secunia.com/advisories/49895

www.openwall.com/lists/oss-security/2011/08/22/6

www.openwall.com/lists/oss-security/2011/08/24/8

www.openwall.com/lists/oss-security/2011/08/25/1

www.osvdb.org/75652

www.securityfocus.com/bid/49723

www.ubuntu.com/usn/USN-1504-1

exchange.xforce.ibmcloud.com/vulnerabilities/69991

hermes.opensuse.org/messages/12056605

qt.gitorious.org/qt/qt/commit/9ae6f2f9a57f0c3096d5785913e437953fa6775c

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.8 High

AI Score

Confidence

Low

0.022 Low

EPSS

Percentile

89.5%

JSON

Related for CVE-2011-3193

openvas34 prion1 ubuntucve1 debiancve1 oraclelinux6 redhat6 nessus27 nvd1 veracode1 cvelist1 centos4 debian1 gentoo1 osv1 ubuntu1