Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2011-0064

Опубликовано: 07 мар. 2011
Источник: nvd
CVSS2: 6.8
EPSS Низкий

Описание

The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index.

Комментарий

Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NULL Pointer Dereference'

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:gnome:pango:1.28.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

EPSS

Процентиль: 85%
0.02563
Низкий

6.8 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

ubuntu логотип

CVE-2011-0064

ubuntu
больше 14 лет назад

The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index.

redhat логотип

CVE-2011-0064

redhat
больше 14 лет назад

The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index.

debian логотип

CVE-2011-0064

debian
больше 14 лет назад

The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in P ...

github логотип

GHSA-49v5-wqh2-vj5q

github
около 3 лет назад

The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index.

oracle-oval логотип

ELSA-2011-0309

oracle-oval
больше 14 лет назад

ELSA-2011-0309: pango security update (CRITICAL)

EPSS

Процентиль: 85%
0.02563
Низкий

6.8 Medium

CVSS2

Дефекты

NVD-CWE-Other