CVE-2018-15120

EUVD-2018-7002
libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
Affected Products (NVD)
VendorProductVersion
gnomepango
1.40.8 ≤
𝑥
≤ 1.42.3
canonicalubuntu_linux
18.04
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
pango1.0
bookworm
1.50.12+ds-1
fixed
bullseye
1.46.2-3
fixed
jessie
not-affected
sid
1.54.0+ds-3
fixed
stretch
not-affected
trixie
1.54.0+ds-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
pango1.0
bionic
Fixed 1.40.14-1ubuntu0.1
released
trusty
dne
xenial
not-affected
Common Weakness Enumeration
References
http://52.117.224.77/xfce4-pdos.webm
https://github.com/GNOME/pango/blob/1.42.4/NEWS
https://github.com/GNOME/pango/commit/71aaeaf020340412b8d012fe23a556c0420eda5f
https://i.redd.it/v7p4n2ptu0s11.jpg
https://mail.gnome.org/archives/distributor-list/2018-August/msg00001.html
https://security.gentoo.org/glsa/201811-07
https://usn.ubuntu.com/3750-1/
https://www.exploit-db.com/exploits/45263
https://www.exploit-db.com/exploits/45263/
https://www.ign.com/articles/2018/10/16/ps4s-are-reportedly-being-bricked-and-sony-is-working-on-a-fix
https://www.reddit.com/r/PS4/comments/9o5efg/message_bricking_console_megathread/
http://52.117.224.77/xfce4-pdos.webm
https://github.com/GNOME/pango/blob/1.42.4/NEWS
https://github.com/GNOME/pango/commit/71aaeaf020340412b8d012fe23a556c0420eda5f
https://i.redd.it/v7p4n2ptu0s11.jpg
https://mail.gnome.org/archives/distributor-list/2018-August/msg00001.html
https://security.gentoo.org/glsa/201811-07
https://usn.ubuntu.com/3750-1/
https://www.exploit-db.com/exploits/45263
https://www.exploit-db.com/exploits/45263/
https://www.ign.com/articles/2018/10/16/ps4s-are-reportedly-being-bricked-and-sony-is-working-on-a-fix
https://www.reddit.com/r/PS4/comments/9o5efg/message_bricking_console_megathread/