CVE-2011-0020

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2011-0020
Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object.

7.6 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:H/Au:N/C:C/I:C/A:C

Exploitability : 4.9 / Impact : 10.0

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
http://openwall.com/lists/oss-security/2011/01/18/6 Exploit
http://openwall.com/lists/oss-security/2011/01/20/2 Exploit
http://osvdb.org/70596
http://secunia.com/advisories/42934
http://secunia.com/advisories/43100
http://www.redhat.com/support/errata/RHSA-2011-0180.html
http://www.securityfocus.com/bid/45842
http://www.securitytracker.com/id?1024994
http://www.vupen.com/english/advisories/2011/0186 Vendor Advisory
http://www.vupen.com/english/advisories/2011/0238
https://bugs.launchpad.net/ubuntu/+source/pango1.0/+bug/696616 Exploit
https://bugzilla.gnome.org/show_bug.cgi?id=639882
https://bugzilla.redhat.com/show_bug.cgi?id=671122 Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/64832
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gnome:pango:*:*:*:*:*:*:*:*
cpe:2.3:a:gnome:pango:1.28.0:*:*:*:*:*:*:*
cpe:2.3:a:gnome:pango:1.28.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:pango:1.28.2:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:0.20:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:0.21:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:0.22:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:0.23:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:0.24:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:0.25:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:0.26:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.0:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.1:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.2:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.3:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.4:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.5:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.6:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.7:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.8:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.9:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.10:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.11:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.12:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.13:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.14:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.15:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.16:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.17:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.18:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.19:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.20:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.21:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.22:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.23:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.24:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.25:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.26:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.27:*:*:*:*:*:*:*
History

14 Jul 2021, 15:41

Type Values Removed Values Added
CPE cpe:2.3:a:pango:pango:1.28.0:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.28.1:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.28.2:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:*:*:*:*:*:*:*:*		 cpe:2.3:a:gnome:pango:1.28.0:*:*:*:*:*:*:*
cpe:2.3:a:gnome:pango:1.28.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:pango:1.28.2:*:*:*:*:*:*:*
cpe:2.3:a:gnome:pango:*:*:*:*:*:*:*:*
Information

Published : 2011-01-24 18:00

Updated : 2024-02-04 17:54

NVD link : CVE-2011-0020

Mitre link : CVE-2011-0020

CVE.ORG link : CVE-2011-0020

JSON object : View

Products Affected

pango

  • pango

gnome

  • pango
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer