Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-18397

Опубликовано: 07 нояб. 2019
Источник: redhat
CVSS3: 7.8
EPSS Низкий

Описание

A buffer overflow in the fribidi_get_par_embedding_levels_ex() function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user, when this content is then rendered by an application that uses FriBidi for text layout calculations. Examples include any GNOME or GTK+ based application that uses Pango for text layout, as this internally uses FriBidi for bidirectional text layout. For example, the attacker can construct a crafted text file to be opened in GEdit, or a crafted IRC message to be viewed in HexChat.

A heap-based buffer overflow vulnerability was found in GNU FriBidi, an implementation of the Unicode Bidirectional Algorithm (bidi). When the flaw is triggered it's possible to manipulate the heap contents, leading to memory corruption causing a denial of service and to arbitrary code execution. The highest threat from this flaw to both data and system availability.

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-121->CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1768750fribidi: buffer overflow in fribidi_get_par_embedding_levels_ex() in lib/fribidi-bidi.c leading to denial of service and possible code execution

EPSS

Процентиль: 74%
0.00807
Низкий

7.8 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-18397

CVSS3: 7.8
ubuntu
около 6 лет назад

A buffer overflow in the fribidi_get_par_embedding_levels_ex() function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user, when this content is then rendered by an application that uses FriBidi for text layout calculations. Examples include any GNOME or GTK+ based application that uses Pango for text layout, as this internally uses FriBidi for bidirectional text layout. For example, the attacker can construct a crafted text file to be opened in GEdit, or a crafted IRC message to be viewed in HexChat.

nvd логотип

CVE-2019-18397

CVSS3: 7.8
nvd
около 6 лет назад

A buffer overflow in the fribidi_get_par_embedding_levels_ex() function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user, when this content is then rendered by an application that uses FriBidi for text layout calculations. Examples include any GNOME or GTK+ based application that uses Pango for text layout, as this internally uses FriBidi for bidirectional text layout. For example, the attacker can construct a crafted text file to be opened in GEdit, or a crafted IRC message to be viewed in HexChat.

debian логотип

CVE-2019-18397

CVSS3: 7.8
debian
около 6 лет назад

A buffer overflow in the fribidi_get_par_embedding_levels_ex() functio ...

suse-cvrf логотип

openSUSE-SU-2021:1655-1

suse-cvrf
больше 4 лет назад

Security update for fribidi

suse-cvrf логотип

openSUSE-SU-2021:0763-1

suse-cvrf
больше 4 лет назад

Security update for fribidi

EPSS

Процентиль: 74%
0.00807
Низкий

7.8 High

CVSS3