Lucene search

PRIOn knowledge basePRION:CVE-2011-0020

HistoryJan 24, 2011 - 6:00 p.m.

Heap overflow

2011-01-2418:00:00

PRIOn knowledge base

www.prio-n.com

8.8 High

AI Score

Confidence

High

0.186 Low

EPSS

Percentile

96.2%

JSON

Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object.

CPENameOperatorVersion
pangole1.28.3
pangoeq1.28.2
pangoeq1.28.0
pangoeq1.28.1
pangoeq1.7
pangoeq1.5
pangoeq1.6
pangoeq1.17
pangoeq0.23
pangoeq1.9

Name	Operator	Version
pango	le	1.28.3
pango	eq	1.28.2
pango	eq	1.28.0
pango	eq	1.28.1
pango	eq	1.7
pango	eq	1.5
pango	eq	1.6
pango	eq	1.17
pango	eq	0.23
pango	eq	1.9

Rows per page:

1-10 of 391

References

lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html

openwall.com/lists/oss-security/2011/01/18/6

openwall.com/lists/oss-security/2011/01/20/2

osvdb.org/70596

secunia.com/advisories/42934

secunia.com/advisories/43100

www.redhat.com/support/errata/RHSA-2011-0180.html

www.securityfocus.com/bid/45842

www.securitytracker.com/id?1024994

www.vupen.com/english/advisories/2011/0186

www.vupen.com/english/advisories/2011/0238

bugs.launchpad.net/ubuntu/+source/pango1.0/+bug/696616

bugzilla.gnome.org/show_bug.cgi?id=639882

bugzilla.redhat.com/show_bug.cgi?id=671122

exchange.xforce.ibmcloud.com/vulnerabilities/64832