CVE-2011-0064

The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
Affected Products (NVD)
VendorProductVersion
gnomepango
1.28.3
mozillafirefox
*
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
pango1.0
bookworm
1.50.12+ds-1
fixed
bullseye
1.46.2-3
fixed
lenny
not-affected
sid
1.54.0+ds-3
fixed
trixie
1.54.0+ds-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
pango1.0
dapper
ignored
hardy
not-affected
karmic
Fixed 1.26.0-1ubuntu0.1
released
lucid
Fixed 1.28.0-0ubuntu2.2
released
maverick
Fixed 1.28.2-0ubuntu1.1
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libpango-1_0-0
suse enterprise desktop 15
1.40.14-1.41
fixed
suse enterprise desktop 15 SP1
1.40.14-3.3.1
fixed
suse enterprise sap 12 SP5
1.40.1-9.5
fixed
suse enterprise sap 15
1.40.14-1.41
fixed
suse enterprise sap 15 SP1
1.40.14-3.3.1
fixed
suse enterprise server 12 SP2
1.40.1-9.5
fixed
suse enterprise server 12 SP3
1.40.1-9.5
fixed
suse enterprise server 12 SP4
1.40.1-9.5
fixed
suse enterprise server 12 SP5
1.40.1-9.5
fixed
suse enterprise server 15
1.40.14-1.41
fixed
suse enterprise server 15 SP1
1.40.14-3.3.1
fixed
libpango-1_0-0-32bit
suse enterprise sap 12 SP5
1.40.1-9.5
fixed
suse enterprise server 12 SP2
1.40.1-9.5
fixed
suse enterprise server 12 SP3
1.40.1-9.5
fixed
suse enterprise server 12 SP4
1.40.1-9.5
fixed
suse enterprise server 12 SP5
1.40.1-9.5
fixed
pango-devel
suse enterprise desktop 15
1.40.14-1.41
fixed
suse enterprise desktop 15 SP1
1.40.14-3.3.1
fixed
suse enterprise sap 15
1.40.14-1.41
fixed
suse enterprise sap 15 SP1
1.40.14-3.3.1
fixed
suse enterprise server 15
1.40.14-1.41
fixed
suse enterprise server 15 SP1
1.40.14-3.3.1
fixed
typelib-1_0-Pango-1_0
suse enterprise desktop 15
1.40.14-1.41
fixed
suse enterprise desktop 15 SP1
1.40.14-3.3.1
fixed
suse enterprise sap 12 SP5
1.40.1-9.5
fixed
suse enterprise sap 15
1.40.14-1.41
fixed
suse enterprise sap 15 SP1
1.40.14-3.3.1
fixed
suse enterprise server 12 SP2
1.40.1-9.5
fixed
suse enterprise server 12 SP3
1.40.1-9.5
fixed
suse enterprise server 12 SP4
1.40.1-9.5
fixed
suse enterprise server 12 SP5
1.40.1-9.5
fixed
suse enterprise server 15
1.40.14-1.41
fixed
suse enterprise server 15 SP1
1.40.14-3.3.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
pango
RHEL 6
0:1.28.1-3.el6_0.5
fixed
pango-devel
RHEL 6
0:1.28.1-3.el6_0.5
fixed
References
http://cgit.freedesktop.org/harfbuzz/commit/?id=a6a79df5fe2ed2cd307e7a991346faee164e70d9
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056065.html
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
http://secunia.com/advisories/43559
http://secunia.com/advisories/43572
http://secunia.com/advisories/43578
http://secunia.com/advisories/43800
http://securitytracker.com/id?1025145
http://www.debian.org/security/2011/dsa-2178
http://www.mandriva.com/security/advisories?name=MDVSA-2011:040
http://www.redhat.com/support/errata/RHSA-2011-0309.html
http://www.securityfocus.com/bid/46632
http://www.ubuntu.com/usn/USN-1082-1
http://www.vupen.com/english/advisories/2011/0543
http://www.vupen.com/english/advisories/2011/0555
http://www.vupen.com/english/advisories/2011/0558
http://www.vupen.com/english/advisories/2011/0584
http://www.vupen.com/english/advisories/2011/0683
https://bugzilla.mozilla.org/show_bug.cgi?id=606997
https://bugzilla.novell.com/show_bug.cgi?id=672502
https://bugzilla.redhat.com/show_bug.cgi?id=678563
https://build.opensuse.org/request/show/63070
https://exchange.xforce.ibmcloud.com/vulnerabilities/65770
http://cgit.freedesktop.org/harfbuzz/commit/?id=a6a79df5fe2ed2cd307e7a991346faee164e70d9
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056065.html
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
http://secunia.com/advisories/43559
http://secunia.com/advisories/43572
http://secunia.com/advisories/43578
http://secunia.com/advisories/43800
http://securitytracker.com/id?1025145
http://www.debian.org/security/2011/dsa-2178
http://www.mandriva.com/security/advisories?name=MDVSA-2011:040
http://www.redhat.com/support/errata/RHSA-2011-0309.html
http://www.securityfocus.com/bid/46632
http://www.ubuntu.com/usn/USN-1082-1
http://www.vupen.com/english/advisories/2011/0543
http://www.vupen.com/english/advisories/2011/0555
http://www.vupen.com/english/advisories/2011/0558
http://www.vupen.com/english/advisories/2011/0584
http://www.vupen.com/english/advisories/2011/0683
https://bugzilla.mozilla.org/show_bug.cgi?id=606997
https://bugzilla.novell.com/show_bug.cgi?id=672502
https://bugzilla.redhat.com/show_bug.cgi?id=678563
https://build.opensuse.org/request/show/63070
https://exchange.xforce.ibmcloud.com/vulnerabilities/65770