CVE-2011-0020

Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object.
Severity
UNKNOWN
AV:N/AC:H/Au:N/C:C/I:C/A:C
Atk. Vector
NETWORK
Atk. Complexity
HIGH
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
VendorProductVersion
gnomepango
𝑥
≤ 1.28.3
gnomepango
1.28.0
gnomepango
1.28.1
gnomepango
1.28.2
pangopango
0.20
pangopango
0.21
pangopango
0.22
pangopango
0.23
pangopango
0.24
pangopango
0.25
pangopango
0.26
pangopango
1.0
pangopango
1.1
pangopango
1.2
pangopango
1.3
pangopango
1.4
pangopango
1.5
pangopango
1.6
pangopango
1.7
pangopango
1.8
pangopango
1.9
pangopango
1.10
pangopango
1.11
pangopango
1.12
pangopango
1.13
pangopango
1.14
pangopango
1.15
pangopango
1.16
pangopango
1.17
pangopango
1.18
pangopango
1.19
pangopango
1.20
pangopango
1.21
pangopango
1.22
pangopango
1.23
pangopango
1.24
pangopango
1.25
pangopango
1.26
pangopango
1.27
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
pango1.0
bullseye
1.46.2-3
fixed
bookworm
1.50.12+ds-1
fixed
sid
1.54.0+ds-2
fixed
trixie
1.54.0+ds-2
fixed