PT-2011-1053 · Pango+2

Published 2011-03-01 · Updated 2024-06-15 · CVE-2011-0064

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

HarfBuzz (affected versions not specified)
Pango version 1.28.3

Description

The issue is in the hb_buffer_ensure function in HarfBuzz, which is used in Pango and other products. This function does not verify that memory reallocations succeed, allowing remote attackers to cause a denial of service or possibly execute arbitrary code via crafted OpenType font data. The vulnerability can be exploited remotely and may compromise the confidentiality, integrity, and availability of protected information.

Recommendations

For Pango version 1.28.3, update to a newer version that addresses the issue. For HarfBuzz, there is currently no information about a newer version that contains a fix for this vulnerability.
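
The bug class described above (a buffer-growth routine that does not check whether reallocation succeeded), shown beside a checked form. This is an added example, not HarfBuzz or Pango code; glyph_buf, ensure_unchecked, ensure_checked, buf_append and the failing_realloc hook are hypothetical names constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical growable glyph buffer (constructed; not HarfBuzz's struct). */
typedef struct { uint32_t *items; size_t len, allocated; } glyph_buf;

/* Allocator hook so a failed reallocation can be simulated. */
typedef void *(*realloc_fn)(void *, size_t);
static void *failing_realloc(void *p, size_t n) { (void)p; (void)n; return NULL; }

/* Unchecked pattern: realloc's result is stored and the capacity raised
 * even when the call failed, so later writes use a NULL base pointer. */
static int ensure_unchecked(glyph_buf *b, size_t want, realloc_fn ra)
{
    if (want > b->allocated) {
        b->items = ra(b->items, want * sizeof *b->items);
        b->allocated = want;
    }
    return 1;
}

/* Checked pattern: reject size overflow, leave the buffer untouched on
 * failure, and tell the caller so it can stop processing the input. */
static int ensure_checked(glyph_buf *b, size_t want, realloc_fn ra)
{
    if (want <= b->allocated) return 1;
    if (want > SIZE_MAX / sizeof *b->items) return 0;
    uint32_t *p = ra(b->items, want * sizeof *b->items);
    if (p == NULL) return 0;
    b->items = p;
    b->allocated = want;
    return 1;
}

static int buf_append(glyph_buf *b, uint32_t glyph, realloc_fn ra)
{
    if (!ensure_checked(b, b->len + 1, ra)) return 0; /* write only after success */
    b->items[b->len++] = glyph;
    return 1;
}

int main(void)
{
    glyph_buf b = { NULL, 0, 0 };
    int ok = buf_append(&b, 42, realloc) && !buf_append(&b, 7, failing_realloc);
    free(b.items);
    return ok ? 0 : 1;
}
```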

Related identifiers

BDU:2015-03326
CVE-2011-0064
DSA-2178-1
OPENSUSE-SU-2024:10578-1
RHSA-2011:0309
RHSA-2011_0309
ROSA-SA-2024-2371

Affected products

Harfbuzz
Pango
Red Hat