CVE-2011-0020

Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object.
References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
http://openwall.com/lists/oss-security/2011/01/18/6 Exploit
http://openwall.com/lists/oss-security/2011/01/20/2 Exploit
http://osvdb.org/70596
http://secunia.com/advisories/42934
http://secunia.com/advisories/43100
http://www.redhat.com/support/errata/RHSA-2011-0180.html
http://www.securityfocus.com/bid/45842
http://www.securitytracker.com/id?1024994
http://www.vupen.com/english/advisories/2011/0186 Vendor Advisory
http://www.vupen.com/english/advisories/2011/0238
https://bugs.launchpad.net/ubuntu/+source/pango1.0/+bug/696616 Exploit
https://bugzilla.gnome.org/show_bug.cgi?id=639882
https://bugzilla.redhat.com/show_bug.cgi?id=671122 Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/64832
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
http://openwall.com/lists/oss-security/2011/01/18/6 Exploit
http://openwall.com/lists/oss-security/2011/01/20/2 Exploit
http://osvdb.org/70596
http://secunia.com/advisories/42934
http://secunia.com/advisories/43100
http://www.redhat.com/support/errata/RHSA-2011-0180.html
http://www.securityfocus.com/bid/45842
http://www.securitytracker.com/id?1024994
http://www.vupen.com/english/advisories/2011/0186 Vendor Advisory
http://www.vupen.com/english/advisories/2011/0238
https://bugs.launchpad.net/ubuntu/+source/pango1.0/+bug/696616 Exploit
https://bugzilla.gnome.org/show_bug.cgi?id=639882
https://bugzilla.redhat.com/show_bug.cgi?id=671122 Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/64832
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gnome:pango:*:*:*:*:*:*:*:*
cpe:2.3:a:gnome:pango:1.28.0:*:*:*:*:*:*:*
cpe:2.3:a:gnome:pango:1.28.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:pango:1.28.2:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:0.20:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:0.21:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:0.22:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:0.23:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:0.24:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:0.25:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:0.26:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.0:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.1:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.2:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.3:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.4:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.5:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.6:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.7:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.8:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.9:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.10:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.11:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.12:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.13:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.14:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.15:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.16:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.17:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.18:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.19:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.20:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.21:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.22:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.23:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.24:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.25:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.26:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.27:*:*:*:*:*:*:*

History

21 Nov 2024, 01:23

Type Values Removed Values Added
References () http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html - () http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html -
References () http://openwall.com/lists/oss-security/2011/01/18/6 - Exploit () http://openwall.com/lists/oss-security/2011/01/18/6 - Exploit
References () http://openwall.com/lists/oss-security/2011/01/20/2 - Exploit () http://openwall.com/lists/oss-security/2011/01/20/2 - Exploit
References () http://osvdb.org/70596 - () http://osvdb.org/70596 -
References () http://secunia.com/advisories/42934 - () http://secunia.com/advisories/42934 -
References () http://secunia.com/advisories/43100 - () http://secunia.com/advisories/43100 -
References () http://www.redhat.com/support/errata/RHSA-2011-0180.html - () http://www.redhat.com/support/errata/RHSA-2011-0180.html -
References () http://www.securityfocus.com/bid/45842 - () http://www.securityfocus.com/bid/45842 -
References () http://www.securitytracker.com/id?1024994 - () http://www.securitytracker.com/id?1024994 -
References () http://www.vupen.com/english/advisories/2011/0186 - Vendor Advisory () http://www.vupen.com/english/advisories/2011/0186 - Vendor Advisory
References () http://www.vupen.com/english/advisories/2011/0238 - () http://www.vupen.com/english/advisories/2011/0238 -
References () https://bugs.launchpad.net/ubuntu/+source/pango1.0/+bug/696616 - Exploit () https://bugs.launchpad.net/ubuntu/+source/pango1.0/+bug/696616 - Exploit
References () https://bugzilla.gnome.org/show_bug.cgi?id=639882 - () https://bugzilla.gnome.org/show_bug.cgi?id=639882 -
References () https://bugzilla.redhat.com/show_bug.cgi?id=671122 - Exploit () https://bugzilla.redhat.com/show_bug.cgi?id=671122 - Exploit
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/64832 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/64832 -

14 Jul 2021, 15:41

Type Values Removed Values Added
CPE cpe:2.3:a:pango:pango:1.28.0:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.28.1:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.28.2:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:*:*:*:*:*:*:*:*
cpe:2.3:a:gnome:pango:1.28.0:*:*:*:*:*:*:*
cpe:2.3:a:gnome:pango:1.28.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:pango:1.28.2:*:*:*:*:*:*:*
cpe:2.3:a:gnome:pango:*:*:*:*:*:*:*:*

Information

Published : 2011-01-24 18:00

Updated : 2024-11-21 01:23


NVD link : CVE-2011-0020

Mitre link : CVE-2011-0020

CVE.ORG link : CVE-2011-0020


JSON object : View

Products Affected

gnome

  • pango

pango

  • pango
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer