CVE-2011-0020

HIGH

Description

Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object.

References

http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html

http://openwall.com/lists/oss-security/2011/01/18/6

http://openwall.com/lists/oss-security/2011/01/20/2

http://osvdb.org/70596

http://secunia.com/advisories/42934

http://secunia.com/advisories/43100

http://www.redhat.com/support/errata/RHSA-2011-0180.html

http://www.securityfocus.com/bid/45842

http://www.securitytracker.com/id?1024994

http://www.vupen.com/english/advisories/2011/0186

http://www.vupen.com/english/advisories/2011/0238

https://bugs.launchpad.net/ubuntu/+source/pango1.0/+bug/696616

https://bugzilla.gnome.org/show_bug.cgi?id=639882

https://bugzilla.redhat.com/show_bug.cgi?id=671122

https://exchange.xforce.ibmcloud.com/vulnerabilities/64832

Details

Source: MITRE

Published: 2011-01-24

Updated: 2017-08-17

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 7.6

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 4.9

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:pango:pango:0.20:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:0.21:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:0.22:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:0.23:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:0.24:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:0.25:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:0.26:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:1.0:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:1.1:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:1.2:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:1.3:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:1.4:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:1.5:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:1.6:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:1.7:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:1.8:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:1.9:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:1.10:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:1.11:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:1.12:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:1.13:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:1.14:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:1.15:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:1.16:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:1.17:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:1.18:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:1.19:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:1.20:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:1.21:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:1.22:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:1.23:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:1.24:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:1.25:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:1.26:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:1.27:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:1.28.0:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:1.28.1:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:1.28.2:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:*:*:*:*:*:*:*:* versions up to 1.28.3 (inclusive)

Tenable Plugins

View all (12 total)

IDNameProductFamilySeverity
75599openSUSE Security Update : libpango-1_0-0 (openSUSE-SU-2011:0221-1)NessusSuSE Local Security Checks
high
74056GLSA-201405-13 : Pango: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
68188Oracle Linux 4 / 5 / 6 : pango (ELSA-2011-0180)NessusOracle Linux Local Security Checks
high
60944Scientific Linux Security Update : pango on SL4.x, SL5.x i386/x86_64NessusScientific Linux Local Security Checks
high
57187SuSE 10 Security Update : firefox3-pango (ZYPP Patch Number 7459)NessusSuSE Local Security Checks
high
54612SuSE 10 Security Update : firefox3-pango (ZYPP Patch Number 7460)NessusSuSE Local Security Checks
high
53753openSUSE Security Update : libpango-1_0-0 (openSUSE-SU-2011:0221-1)NessusSuSE Local Security Checks
high
52960SuSE 11.1 Security Update : pango (SAT Patch Number 4065)NessusSuSE Local Security Checks
high
52529Ubuntu 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : pango1.0 vulnerabilities (USN-1082-1)NessusUbuntu Local Security Checks
high
51886CentOS 4 : pango (CESA-2011:0180)NessusCentOS Local Security Checks
high
51865Mandriva Linux Security Advisory : pango (MDVSA-2011:020)NessusMandriva Local Security Checks
high
51811RHEL 4 / 5 / 6 : pango (RHSA-2011:0180)NessusRed Hat Local Security Checks
high