exploitDog

CVE-2019-1010238

Published: 06 Aug 2019
Source: redhat
CVSS3: 9.8
EPSS: Low

Description

Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap-based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when an application passes invalid utf-8 strings to functions like pango_itemize.

A buffer overflow flaw was found in Gnome Pango. When invalid utf-8 strings are passed to functions, a heap-based buffer overflow can occur that could lead to code execution. The highest threat from this vulnerability is data confidentiality and integrity as well as system availability.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 5 | pango | Not affected | | |
| Red Hat Enterprise Linux 6 | pango | Not affected | | |
| Red Hat Enterprise Linux 7 | pango | Fixed | RHSA-2019:2571 | 28.08.2019 |
| Red Hat Enterprise Linux 7.6 Extended Update Support | pango | Fixed | RHSA-2019:3234 | 29.10.2019 |
| Red Hat Enterprise Linux 8 | pango | Fixed | RHSA-2019:2582 | 29.08.2019 |

Additional information

Status: Important
Defect: CWE-119
https://bugzilla.redhat.com/show_bug.cgi?id=1737785 pango: pango_log2vis_get_embedding_levels() heap-based buffer overflow

EPSS

Percentile: 90%
0.05393
Low

9.8 Critical

CVSS3

Related vulnerabilities

CVSS3: 9.8
ubuntu
about 6 years ago

Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap-based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when an application passes invalid utf-8 strings to functions like pango_itemize.

CVSS3: 9.8
nvd
about 6 years ago

Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap-based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when an application passes invalid utf-8 strings to functions like pango_itemize.

CVSS3: 9.8
msrc
more than 3 years ago

No description

CVSS3: 9.8
debian
about 6 years ago

Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact ...

CVSS3: 9.8
github
more than 3 years ago

Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap-based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when an application passes invalid utf-8 strings to functions like pango_itemize.
