CVE-2011-0064

The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index.
References
Link Resource
http://cgit.freedesktop.org/harfbuzz/commit/?id=a6a79df5fe2ed2cd307e7a991346faee164e70d9 Patch
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056065.html
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
http://secunia.com/advisories/43559 Vendor Advisory
http://secunia.com/advisories/43572 Vendor Advisory
http://secunia.com/advisories/43578 Vendor Advisory
http://secunia.com/advisories/43800
http://securitytracker.com/id?1025145
http://www.debian.org/security/2011/dsa-2178
http://www.mandriva.com/security/advisories?name=MDVSA-2011:040
http://www.redhat.com/support/errata/RHSA-2011-0309.html
http://www.securityfocus.com/bid/46632
http://www.ubuntu.com/usn/USN-1082-1
http://www.vupen.com/english/advisories/2011/0543 Vendor Advisory
http://www.vupen.com/english/advisories/2011/0555 Vendor Advisory
http://www.vupen.com/english/advisories/2011/0558 Vendor Advisory
http://www.vupen.com/english/advisories/2011/0584
http://www.vupen.com/english/advisories/2011/0683
https://bugzilla.mozilla.org/show_bug.cgi?id=606997
https://bugzilla.novell.com/show_bug.cgi?id=672502
https://bugzilla.redhat.com/show_bug.cgi?id=678563 Patch
https://build.opensuse.org/request/show/63070 Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/65770
http://cgit.freedesktop.org/harfbuzz/commit/?id=a6a79df5fe2ed2cd307e7a991346faee164e70d9 Patch
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056065.html
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
http://secunia.com/advisories/43559 Vendor Advisory
http://secunia.com/advisories/43572 Vendor Advisory
http://secunia.com/advisories/43578 Vendor Advisory
http://secunia.com/advisories/43800
http://securitytracker.com/id?1025145
http://www.debian.org/security/2011/dsa-2178
http://www.mandriva.com/security/advisories?name=MDVSA-2011:040
http://www.redhat.com/support/errata/RHSA-2011-0309.html
http://www.securityfocus.com/bid/46632
http://www.ubuntu.com/usn/USN-1082-1
http://www.vupen.com/english/advisories/2011/0543 Vendor Advisory
http://www.vupen.com/english/advisories/2011/0555 Vendor Advisory
http://www.vupen.com/english/advisories/2011/0558 Vendor Advisory
http://www.vupen.com/english/advisories/2011/0584
http://www.vupen.com/english/advisories/2011/0683
https://bugzilla.mozilla.org/show_bug.cgi?id=606997
https://bugzilla.novell.com/show_bug.cgi?id=672502
https://bugzilla.redhat.com/show_bug.cgi?id=678563 Patch
https://build.opensuse.org/request/show/63070 Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/65770
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gnome:pango:1.28.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

History

21 Nov 2024, 01:23

Type Values Removed Values Added
References () http://cgit.freedesktop.org/harfbuzz/commit/?id=a6a79df5fe2ed2cd307e7a991346faee164e70d9 - Patch () http://cgit.freedesktop.org/harfbuzz/commit/?id=a6a79df5fe2ed2cd307e7a991346faee164e70d9 - Patch
References () http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056065.html - () http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056065.html -
References () http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html - () http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html -
References () http://secunia.com/advisories/43559 - Vendor Advisory () http://secunia.com/advisories/43559 - Vendor Advisory
References () http://secunia.com/advisories/43572 - Vendor Advisory () http://secunia.com/advisories/43572 - Vendor Advisory
References () http://secunia.com/advisories/43578 - Vendor Advisory () http://secunia.com/advisories/43578 - Vendor Advisory
References () http://secunia.com/advisories/43800 - () http://secunia.com/advisories/43800 -
References () http://securitytracker.com/id?1025145 - () http://securitytracker.com/id?1025145 -
References () http://www.debian.org/security/2011/dsa-2178 - () http://www.debian.org/security/2011/dsa-2178 -
References () http://www.mandriva.com/security/advisories?name=MDVSA-2011:040 - () http://www.mandriva.com/security/advisories?name=MDVSA-2011:040 -
References () http://www.redhat.com/support/errata/RHSA-2011-0309.html - () http://www.redhat.com/support/errata/RHSA-2011-0309.html -
References () http://www.securityfocus.com/bid/46632 - () http://www.securityfocus.com/bid/46632 -
References () http://www.ubuntu.com/usn/USN-1082-1 - () http://www.ubuntu.com/usn/USN-1082-1 -
References () http://www.vupen.com/english/advisories/2011/0543 - Vendor Advisory () http://www.vupen.com/english/advisories/2011/0543 - Vendor Advisory
References () http://www.vupen.com/english/advisories/2011/0555 - Vendor Advisory () http://www.vupen.com/english/advisories/2011/0555 - Vendor Advisory
References () http://www.vupen.com/english/advisories/2011/0558 - Vendor Advisory () http://www.vupen.com/english/advisories/2011/0558 - Vendor Advisory
References () http://www.vupen.com/english/advisories/2011/0584 - () http://www.vupen.com/english/advisories/2011/0584 -
References () http://www.vupen.com/english/advisories/2011/0683 - () http://www.vupen.com/english/advisories/2011/0683 -
References () https://bugzilla.mozilla.org/show_bug.cgi?id=606997 - () https://bugzilla.mozilla.org/show_bug.cgi?id=606997 -
References () https://bugzilla.novell.com/show_bug.cgi?id=672502 - () https://bugzilla.novell.com/show_bug.cgi?id=672502 -
References () https://bugzilla.redhat.com/show_bug.cgi?id=678563 - Patch () https://bugzilla.redhat.com/show_bug.cgi?id=678563 - Patch
References () https://build.opensuse.org/request/show/63070 - Patch () https://build.opensuse.org/request/show/63070 - Patch
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/65770 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/65770 -

14 Jul 2021, 15:41

Type Values Removed Values Added
CPE cpe:2.3:a:pango:pango:1.28.3:*:*:*:*:*:*:* cpe:2.3:a:gnome:pango:1.28.3:*:*:*:*:*:*:*

Information

Published : 2011-03-07 21:00

Updated : 2024-11-21 01:23


NVD link : CVE-2011-0064

Mitre link : CVE-2011-0064

CVE.ORG link : CVE-2011-0064


JSON object : View

Products Affected

mozilla

  • firefox

gnome

  • pango