Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2011-0020 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Pango
Severity
7.6 HIGH (NVD)
EPSS
5.7%
top 9.58%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: Jan 24
Latest update: May 3
Description
Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object.
CVSS vector
AV:N/AC:H/C:C/I:C/A:C
Exploitability: 4.9 | Impact: 10.0
Affected Packages: 2 packages
🔴 Vulnerability Details (3)
GHSA
GHSA-5c8w-jg4w-gcj2: Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render (2022-05-03)
CVEList
CVE-2011-0020: Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render (2011-01-24)
OSV
CVE-2011-0020: Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render (2011-01-24)
💥 Exploits & PoCs (1)
📋 Vendor Advisories (3)
💬 Community (1)
Bugzilla
CVE-2011-0020 pango: Heap-based buffer overflow by rendering glyph box for certain FT_Bitmap objects (2011-01-20)