CVE-2011-3193
Published 2012-06-16
Priority: P346, critical, 9.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 7.54% (93.8th percentile)
Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | pango1.0 | < pango1.0 1.28.3-1 (bookworm) | pango1.0 1.28.3-1 (bookworm) |
| gnome | pango | < 1.25.1 | 1.25.1 |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| qt | qt | < 4.7.4 | 4.7.4 |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_workstation | — | — |
| redhat | enterprise_linux_workstation | — | — |
| redhat | enterprise_linux_workstation | — | — |
CVSS provenance
nvd (v2.0): 9.3 CRITICAL, AV:N/AC:M/Au:N/C:C/I:C/A:C
osv: 9.3 CRITICAL
vendor_debian: 9.3 CRITICAL
vendor_redhat: 9.3 CRITICAL
vendor_ubuntu: 4.3 MEDIUM
Ubuntu
Qt vulnerabilities
vendor_ubuntu·2012-07-11·CVSS 4.3
CVE-2010-5076 [MEDIUM] Qt vulnerabilities
Title: Qt vulnerabilities
Summary: Qt Applications could be made to crash or run programs as your login if
they opened specially crafted files.
It was discovered that Qt did not properly handle wildcard domain names or
IP addresses in the Common Name field of X.509 certificates. An attacker
could exploit this to perform a machine-in-the-middle attack to view sensitive
information or alter encrypted communications. This issue only affected
Ubuntu 10.04 LTS. (CVE-2010-5076)
A heap-based buffer overflow was discovered in the HarfBuzz module. If a
user were tricked into opening a crafted font file in a Qt application,
an attacker could cause a denial of service or possibly execute arbitrary
code with the privileges of the user invoking the program. (CVE-2011-3193)
It was discovered that Qt
Red Hat
qt/harfbuzz buffer overflow
vendor_redhat·2011-07-19·CVSS 9.3
CVE-2011-3193 [CRITICAL] qt/harfbuzz buffer overflow
Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
Package: freetype (Red Hat Enterprise Linux 4) - Not affected
Package: pango (Red Hat Enterprise Linux 4) - Not affected
Package: qt (Red Hat Enterprise Linux 4) - Not affected
Package: freetype (Red Hat Enterprise Linux 5) - Not affected
Package: qt (Red Hat Enterprise Linux 5) - Not affected
Package: freetype (Red Hat Enterprise Linux 6) - Not affected
Package: pango (Red Hat Enterprise Linux 6) - Not affected
Package: qt3 (Red Hat Enterprise Linux 6) - Not affected
Debian
CVE-2011-3193: pango1.0 - Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz mo...
vendor_debian·2011·CVSS 9.3
CVE-2011-3193 [CRITICAL] CVE-2011-3193: pango1.0 - Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz mo...
Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
Scope: local
bookworm: resolved (fixed in 1.28.3-1)
bullseye: resolved (fixed in 1.28.3-1)
forky: resolved (fixed in 1.28.3-1)
sid: resolved (fixed in 1.28.3-1)
trixie: resolved (fixed in 1.28.3-1)
GHSA
GHSA-gw56-35qp-gch8: Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos
ghsa_unreviewed·2022-05-13
CVE-2011-3193 [HIGH] CWE-787 GHSA-gw56-35qp-gch8: Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos
Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
OSV
CVE-2011-3193: Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos
osv·2012-06-16·CVSS 9.3
CVE-2011-3193 [CRITICAL] CVE-2011-3193: Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos
Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2011-3193 qt/harfbuzz buffer overflow [fedora-all]
bugzilla·2011-09-22·CVSS 9.3
CVE-2011-3193 [CRITICAL] CVE-2011-3193 qt/harfbuzz buffer overflow [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=733118
Please note: this issue affects multiple supported versions
Bugzilla
CVE-2011-3193 qt/harfbuzz buffer overflow
bugzilla·2011-08-24·CVSS 9.3
CVE-2011-3193 [CRITICAL] CVE-2011-3193 qt/harfbuzz buffer overflow
A buffer overflow flaw was found in the 3rd party harfbuzz module in qt.
The upstream commit is here:
https://qt.gitorious.org/qt/qt/commit/9ae6f2f9a57f0c3096d5785913e437953fa6775c
Discussion:
This issue affects the version of qt (qt4) shipped with Red Hat Enterprise Linux 6. This issue affects the version of qt4 shipped with Red Hat Enterprise Linux 5.
This issue does not affect the version of qt3 shipped with Red Hat Enterprise Linux 4, 5 and 6.
--
This issue affects the version of pango shipped with Red Hat Enterprise Linux 5. This issue does not affect the version of pango shipped with Red Hat Enterprise Linux 4 and 6.
--
This issue affects the version of evolution28-pango as shipped with Red Hat Enterprise Linux 4.
--
This issue affe
http://cgit.freedesktop.org/harfbuzz.old/commit/?id=81c8ef785b079980ad5b46be4fe7c7bf156dbf65
http://cgit.freedesktop.org/harfbuzz/commit/src/harfbuzz-gpos.c?id=da2c52abcd75d46929b34cad55c4fb2c8892bc08
http://git.gnome.org/browse/pango/commit/pango/opentype/harfbuzz-gpos.c?id=a7a715480db66148b1f487528887508a7991dcd0
http://lists.opensuse.org/opensuse-updates/2011-10/msg00007.html
http://lists.opensuse.org/opensuse-updates/2011-10/msg00008.html
http://rhn.redhat.com/errata/RHSA-2011-1323.html
http://rhn.redhat.com/errata/RHSA-2011-1324.html
http://rhn.redhat.com/errata/RHSA-2011-1325.html
http://rhn.redhat.com/errata/RHSA-2011-1326.html
http://rhn.redhat.com/errata/RHSA-2011-1327.html
http://rhn.redhat.com/errata/RHSA-2011-1328.html
http://secunia.com/advisories/41537
http://secunia.com/advisories/46117
http://secunia.com/advisories/46118
http://secunia.com/advisories/46119
http://secunia.com/advisories/46128
http://secunia.com/advisories/46371
http://secunia.com/advisories/46410
http://secunia.com/advisories/49895
http://www.openwall.com/lists/oss-security/2011/08/22/6
http://www.openwall.com/lists/oss-security/2011/08/24/8
http://www.openwall.com/lists/oss-security/2011/08/25/1
http://www.osvdb.org/75652
http://www.securityfocus.com/bid/49723
http://www.ubuntu.com/usn/USN-1504-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/69991
https://hermes.opensuse.org/messages/12056605
https://qt.gitorious.org/qt/qt/commit/9ae6f2f9a57f0c3096d5785913e437953fa6775c
2012-06-16
Published