PT-2011-1053 · Pango+2

Published: 2011-03-01 · Updated: 2024-06-15 · CVE-2011-0064

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

HarfBuzz (affected versions not specified)
Pango version 1.28.3

Description

The issue is in the hb_buffer_ensure function in HarfBuzz, which is used in Pango and other products. This function does not verify that memory reallocations succeed, allowing remote attackers to cause a denial of service or possibly execute arbitrary code via crafted OpenType font data. The vulnerability can be exploited remotely and may compromise the confidentiality, integrity, and availability of protected information.

Recommendations

For Pango version 1.28.3, update to a newer version that addresses the issue. For HarfBuzz, there is currently no information about a newer version that contains a fix for this vulnerability.
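
The description attributes the flaw to a buffer-growth routine that does not verify that reallocation succeeded. The following is an added example of the defensive pattern, not code from HarfBuzz or Pango: the type `glyph_buf`, the functions `buf_ensure` and `buf_add`, and the `buf_realloc` hook used to simulate allocation failure are all hypothetical names.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical glyph buffer; all names are illustrative, not HarfBuzz's. */
typedef struct {
    uint32_t *items;
    size_t len;        /* items in use */
    size_t allocated;  /* items the allocation can hold */
    bool in_error;     /* latched after any failed growth */
} glyph_buf;

/* Allocator hook so exhaustion can be simulated; defaults to realloc. */
static void *(*buf_realloc)(void *, size_t) = realloc;
static void *failing_realloc(void *p, size_t n) { (void)p; (void)n; return NULL; }

/* Grow to hold `want` items; on failure the old block and capacity stay valid. */
static bool buf_ensure(glyph_buf *b, size_t want)
{
    if (b->in_error) return false;
    if (want <= b->allocated) return true;
    size_t cap = b->allocated ? b->allocated : 8;
    while (cap < want) {
        if (cap > SIZE_MAX / 2) { b->in_error = true; return false; }
        cap *= 2;
    }
    if (cap > SIZE_MAX / sizeof *b->items) { b->in_error = true; return false; }
    uint32_t *p = buf_realloc(b->items, cap * sizeof *b->items);
    if (p == NULL) { b->in_error = true; return false; }  /* verify the reallocation */
    b->items = p; b->allocated = cap;  /* capacity changes only after success */
    return true;
}

/* Append writes only when the capacity is really there. */
static bool buf_add(glyph_buf *b, uint32_t glyph)
{
    if (b->len == SIZE_MAX || !buf_ensure(b, b->len + 1)) return false;
    b->items[b->len++] = glyph;
    return true;
}

int main(void)
{
    glyph_buf b = {0};
    for (uint32_t g = 0; g < 100; g++) buf_add(&b, g);
    buf_realloc = failing_realloc;  /* simulate memory exhaustion */
    bool grew = buf_ensure(&b, b.allocated + 1);
    free(b.items);
    return grew ? 1 : 0;  /* 0: growth was refused, nothing was overwritten */
}
```

Because the recorded capacity is updated only after a successful reallocation and the error state is latched, a failed growth can never leave callers writing past the block that is actually allocated.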


Related Identifiers

BDU:2015-03326
CVE-2011-0064
DSA-2178-1
OPENSUSE-SU-2024:10578-1
RHSA-2011:0309
RHSA-2011_0309
ROSA-SA-2024-2371

Affected Products

HarfBuzz
Pango
Red Hat