cbcvebase.
CVE-2011-0064
published 2011-03-07

CVE-2011-0064: The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations…

PriorityP431medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EPSS
3.33%
87.1th percentile
The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index.

Affected

2 ranges
VendorProductVersion rangeFixed in
debianpango1.0< pango1.0 1.28.3-2~sid1 (bookworm)pango1.0 1.28.3-2~sid1 (bookworm)
gnomepango

CVSS provenance

nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv6.8MEDIUM
vendor_debian6.8MEDIUM
vendor_redhat6.8MEDIUM
vendor_ubuntu4.3MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.