CVE-2011-0020

Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.6 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
Affected Products (NVD)
VendorProductVersion
gnomepango
𝑥
≤ 1.28.3
gnomepango
1.28.0
gnomepango
1.28.1
gnomepango
1.28.2
pangopango
0.20
pangopango
0.21
pangopango
0.22
pangopango
0.23
pangopango
0.24
pangopango
0.25
pangopango
0.26
pangopango
1.0
pangopango
1.1
pangopango
1.2
pangopango
1.3
pangopango
1.4
pangopango
1.5
pangopango
1.6
pangopango
1.7
pangopango
1.8
pangopango
1.9
pangopango
1.10
pangopango
1.11
pangopango
1.12
pangopango
1.13
pangopango
1.14
pangopango
1.15
pangopango
1.16
pangopango
1.17
pangopango
1.18
pangopango
1.19
pangopango
1.20
pangopango
1.21
pangopango
1.22
pangopango
1.23
pangopango
1.24
pangopango
1.25
pangopango
1.26
pangopango
1.27
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
pango1.0
bookworm
1.50.12+ds-1
fixed
bullseye
1.46.2-3
fixed
sid
1.54.0+ds-3
fixed
trixie
1.54.0+ds-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
pango1.0
dapper
ignored
hardy
Fixed 1.20.5-0ubuntu1.2
released
karmic
Fixed 1.26.0-1ubuntu0.1
released
lucid
Fixed 1.28.0-0ubuntu2.2
released
maverick
Fixed 1.28.2-0ubuntu1.1
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libpango-1_0-0
suse enterprise desktop 15
1.40.14-1.41
fixed
suse enterprise desktop 15 SP1
1.40.14-3.3.1
fixed
suse enterprise sap 12 SP5
1.40.1-9.5
fixed
suse enterprise sap 15
1.40.14-1.41
fixed
suse enterprise sap 15 SP1
1.40.14-3.3.1
fixed
suse enterprise server 12 SP2
1.40.1-9.5
fixed
suse enterprise server 12 SP3
1.40.1-9.5
fixed
suse enterprise server 12 SP4
1.40.1-9.5
fixed
suse enterprise server 12 SP5
1.40.1-9.5
fixed
suse enterprise server 15
1.40.14-1.41
fixed
suse enterprise server 15 SP1
1.40.14-3.3.1
fixed
libpango-1_0-0-32bit
suse enterprise sap 12 SP5
1.40.1-9.5
fixed
suse enterprise server 12 SP2
1.40.1-9.5
fixed
suse enterprise server 12 SP3
1.40.1-9.5
fixed
suse enterprise server 12 SP4
1.40.1-9.5
fixed
suse enterprise server 12 SP5
1.40.1-9.5
fixed
pango-devel
suse enterprise desktop 15
1.40.14-1.41
fixed
suse enterprise desktop 15 SP1
1.40.14-3.3.1
fixed
suse enterprise sap 15
1.40.14-1.41
fixed
suse enterprise sap 15 SP1
1.40.14-3.3.1
fixed
suse enterprise server 15
1.40.14-1.41
fixed
suse enterprise server 15 SP1
1.40.14-3.3.1
fixed
typelib-1_0-Pango-1_0
suse enterprise desktop 15
1.40.14-1.41
fixed
suse enterprise desktop 15 SP1
1.40.14-3.3.1
fixed
suse enterprise sap 12 SP5
1.40.1-9.5
fixed
suse enterprise sap 15
1.40.14-1.41
fixed
suse enterprise sap 15 SP1
1.40.14-3.3.1
fixed
suse enterprise server 12 SP2
1.40.1-9.5
fixed
suse enterprise server 12 SP3
1.40.1-9.5
fixed
suse enterprise server 12 SP4
1.40.1-9.5
fixed
suse enterprise server 12 SP5
1.40.1-9.5
fixed
suse enterprise server 15
1.40.14-1.41
fixed
suse enterprise server 15 SP1
1.40.14-3.3.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
pango
RHEL 6
0:1.28.1-3.el6_0.3
fixed
pango-devel
RHEL 6
0:1.28.1-3.el6_0.3
fixed
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
http://openwall.com/lists/oss-security/2011/01/18/6
http://openwall.com/lists/oss-security/2011/01/20/2
http://osvdb.org/70596
http://secunia.com/advisories/42934
http://secunia.com/advisories/43100
http://www.redhat.com/support/errata/RHSA-2011-0180.html
http://www.securityfocus.com/bid/45842
http://www.securitytracker.com/id?1024994
http://www.vupen.com/english/advisories/2011/0186
http://www.vupen.com/english/advisories/2011/0238
https://bugs.launchpad.net/ubuntu/+source/pango1.0/+bug/696616
https://bugzilla.gnome.org/show_bug.cgi?id=639882
https://bugzilla.redhat.com/show_bug.cgi?id=671122
https://exchange.xforce.ibmcloud.com/vulnerabilities/64832
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
http://openwall.com/lists/oss-security/2011/01/18/6
http://openwall.com/lists/oss-security/2011/01/20/2
http://osvdb.org/70596
http://secunia.com/advisories/42934
http://secunia.com/advisories/43100
http://www.redhat.com/support/errata/RHSA-2011-0180.html
http://www.securityfocus.com/bid/45842
http://www.securitytracker.com/id?1024994
http://www.vupen.com/english/advisories/2011/0186
http://www.vupen.com/english/advisories/2011/0238
https://bugs.launchpad.net/ubuntu/+source/pango1.0/+bug/696616
https://bugzilla.gnome.org/show_bug.cgi?id=639882
https://bugzilla.redhat.com/show_bug.cgi?id=671122
https://exchange.xforce.ibmcloud.com/vulnerabilities/64832