CVE-2011-0064
Published 2011-03-07
Priority P4 · 31 · medium · 6.8 CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS 3.33% · 87.1th percentile
The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | pango1.0 | < pango1.0 1.28.3-2~sid1 (bookworm) | pango1.0 1.28.3-2~sid1 (bookworm) |
| gnome | pango | — | — |
CVSS provenance
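| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | — | 6.8 | MEDIUM | — |
| vendor_debian | — | 6.8 | MEDIUM | — |
| vendor_redhat | — | 6.8 | MEDIUM | — |
| vendor_ubuntu | — | 4.3 | MEDIUM | — |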
Ubuntu
Pango vulnerabilities
vendor_ubuntu·2011-03-02·CVSS 4.3
CVE-2010-0421 [MEDIUM] Pango vulnerabilities
Marc Schoenefeld discovered that Pango incorrectly handled certain Glyph
Definition (GDEF) tables. If a user were tricked into displaying text with
a specially-crafted font, an attacker could cause Pango to crash, resulting
in a denial of service. This issue only affected Ubuntu 8.04 LTS and 9.10.
(CVE-2010-0421)
Dan Rosenberg discovered that Pango incorrectly handled certain FT_Bitmap
objects. If a user were tricked into displaying text with a specially-
crafted font, an attacker could cause a denial of service or execute
arbitrary code with privileges of the user invoking the program. The
default compiler options for affected releases should reduce the
vulnerability to a denial of service. (CVE-2011-0020)
It was discovered that Pango incorrectly handled ce
Red Hat
pango: missing memory reallocation failure checking in hb_buffer_ensure
vendor_redhat·2011-03-01·CVSS 6.8
CVE-2011-0064 [MEDIUM] pango: missing memory reallocation failure checking in hb_buffer_ensure
Statement: This issue did not affect the versions of qt shipped with Red Hat Enterprise Linux 4, 5 and 6.
Package: evolution28-pango (Red Hat Enterprise Linux 4) - Not affected
Package: pango (Red Hat Enterprise Linux 4) - Not affected
Package: pango (Red Hat Enterprise Linux 5) - Not affected
Debian
CVE-2011-0064: pango1.0 - The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28....
vendor_debian·2011·CVSS 6.8
CVE-2011-0064 [MEDIUM] CVE-2011-0064: pango1.0 - The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28....
Scope: local
bookworm: resolved (fixed in 1.28.3-2~sid1)
bullseye: resolved (fixed in 1.28.3-2~sid1)
forky: resolved (fixed in 1.28.3-2~sid1)
sid: resolved (fixed in 1.28.3-2~sid1)
trixie: resolved (fixed in 1.28.3-2~sid1)
GHSA
GHSA-49v5-wqh2-vj5q: The hb_buffer_ensure function in hb-buffer
ghsa_unreviewed·2022-05-03
CVE-2011-0064 [MEDIUM] GHSA-49v5-wqh2-vj5q: The hb_buffer_ensure function in hb-buffer
OSV
CVE-2011-0064: The hb_buffer_ensure function in hb-buffer
osv·2011-03-07·CVSS 6.8
CVE-2011-0064 [MEDIUM] CVE-2011-0064: The hb_buffer_ensure function in hb-buffer
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2011-0064 pango: missing memory reallocation failure checking in hb_buffer_ensure [fedora-all]
bugzilla·2011-03-01·CVSS 6.8
CVE-2011-0064 [MEDIUM] CVE-2011-0064 pango: missing memory reallocation failure checking in hb_buffer_ensure [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=678563
Please note: thi
Bugzilla
CVE-2011-0064 pango: missing memory reallocation failure checking in hb_buffer_ensure
bugzilla·2011-02-18·CVSS 6.8
CVE-2011-0064 [MEDIUM] CVE-2011-0064 pango: missing memory reallocation failure checking in hb_buffer_ensure
It was discovered that pango did not check for memory reallocation failures in hb_buffer_ensure() function. This could trigger a NULL pointer dereference in hb_buffer_add_glyph(), where possibly untrusted input is used as an index used for accessing members of the incorrectly reallocated array, resulting in the use of NULL address as the base array address. This can result in application crash or, possibly, code execution.
It was demonstrated that it's possible to trigger this flaw in Firefox via a specially crafted web page.
Mozilla bug report (currently not public):
https://bugzilla.mozilla.org/show_bug.cgi?id=606997
Fix in the harfbuzz git:
http://cgit.freedesktop.org/harfbuzz/commit/?id=a6a79df5fe
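The failure mode described in the bug report above, as an added C example that is not HarfBuzz or Pango code: a simplified glyph buffer whose growth routine reports reallocation failure, so the next indexed write never uses a NULL base address. The names `glyph_buf`, `buf_ensure`, `buf_add_glyph` and the `buf_realloc` hook are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

/* Simplified glyph buffer (hypothetical names; not HarfBuzz source). */
typedef struct {
    uint32_t *glyphs;
    size_t len, allocated;
    bool in_error;              /* sticky: set once growth has failed */
} glyph_buf;

/* Allocator hook so allocation failure can be simulated. */
static void *(*buf_realloc)(void *, size_t) = realloc;
void *failing_realloc(void *p, size_t n) { (void)p; (void)n; return NULL; }

/* Unchecked form, for contrast:  b->glyphs = realloc(b->glyphs, n);
 * On failure glyphs becomes NULL (and the old block leaks), so the next
 * indexed write uses NULL as the array base. Checked form: */
bool buf_ensure(glyph_buf *b, size_t size) {
    if (b->in_error) return false;
    if (size <= b->allocated) return true;
    size_t cap = b->allocated ? b->allocated : 8;
    while (cap < size) {
        if (cap > SIZE_MAX / sizeof *b->glyphs / 2) { b->in_error = true; return false; }
        cap *= 2;
    }
    uint32_t *p = buf_realloc(b->glyphs, cap * sizeof *b->glyphs);
    if (!p) { b->in_error = true; return false; }  /* old block still valid */
    b->glyphs = p; b->allocated = cap;
    return true;
}

bool buf_add_glyph(glyph_buf *b, uint32_t g) {
    if (b->len == SIZE_MAX || !buf_ensure(b, b->len + 1)) return false;
    b->glyphs[b->len++] = g;    /* reached only with confirmed capacity */
    return true;
}

/* Fills the first 8-slot block, fails the next growth; returns count if contained. */
size_t demo(void) {
    glyph_buf b = {0};
    for (uint32_t g = 0; g < 8; g++) buf_add_glyph(&b, g);
    buf_realloc = failing_realloc;
    bool ok = buf_add_glyph(&b, 99);   /* must be rejected, not written */
    buf_realloc = realloc;
    size_t n = (!ok && b.in_error && b.glyphs[7] == 7) ? b.len : 0;
    free(b.glyphs);
    return n;
}
int main(void) { return demo() == 8 ? 0 : 1; }
```

The sticky `in_error` flag keeps every later append failing closed, so callers that ignore one return value still cannot reach an indexed write through a stale capacity.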
http://cgit.freedesktop.org/harfbuzz/commit/?id=a6a79df5fe2ed2cd307e7a991346faee164e70d9
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056065.html
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
http://secunia.com/advisories/43559
http://secunia.com/advisories/43572
http://secunia.com/advisories/43578
http://secunia.com/advisories/43800
http://securitytracker.com/id?1025145
http://www.debian.org/security/2011/dsa-2178
http://www.mandriva.com/security/advisories?name=MDVSA-2011:040
http://www.redhat.com/support/errata/RHSA-2011-0309.html
http://www.securityfocus.com/bid/46632
http://www.ubuntu.com/usn/USN-1082-1
http://www.vupen.com/english/advisories/2011/0543
http://www.vupen.com/english/advisories/2011/0555
http://www.vupen.com/english/advisories/2011/0558
http://www.vupen.com/english/advisories/2011/0584
http://www.vupen.com/english/advisories/2011/0683
https://bugzilla.mozilla.org/show_bug.cgi?id=606997
https://bugzilla.novell.com/show_bug.cgi?id=672502
https://bugzilla.redhat.com/show_bug.cgi?id=678563
https://build.opensuse.org/request/show/63070
https://exchange.xforce.ibmcloud.com/vulnerabilities/65770