exploitDog

CVE-2011-0020

Published: 18 Jan 2011
Source: redhat
CVSS2: 5.1
EPSS: Low

Description

Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 4 | pango | Not affected | | |
| Red Hat Enterprise Linux 4 | evolution28-pango | Fixed | RHSA-2011:0180 | 27.01.2011 |
| Red Hat Enterprise Linux 5 | pango | Fixed | RHSA-2011:0180 | 27.01.2011 |
| Red Hat Enterprise Linux 6 | pango | Fixed | RHSA-2011:0180 | 27.01.2011 |

Additional information

Status: Moderate
Defect: CWE-122
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=671122 (pango: Heap-based buffer overflow by rendering glyph box for certain FT_Bitmap objects)

EPSS

Percentile: 92%
0.07842
Low

5.1 Medium

CVSS2

Related vulnerabilities

ubuntu
more than 14 years ago

Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object.

nvd
more than 14 years ago

Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object.

debian
more than 14 years ago

Heap-based buffer overflow in the pango_ft2_font_render_box_glyph func ...

github
about 3 years ago

Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object.

oracle-oval
more than 14 years ago

ELSA-2011-0180: pango security update (MODERATE)
