cbcvebase.
CVE-2011-3193
published 2012-06-16

CVE-2011-3193: Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote…

PriorityP346critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
7.54%
93.8th percentile
Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.

Affected

17 ranges
VendorProductVersion rangeFixed in
canonicalubuntu_linux
canonicalubuntu_linux
debianpango1.0< pango1.0 1.28.3-1 (bookworm)pango1.0 1.28.3-1 (bookworm)
gnomepango< 1.25.11.25.1
opensuseopensuse
opensuseopensuse
qtqt< 4.7.44.7.4
redhatenterprise_linux_desktop
redhatenterprise_linux_desktop
redhatenterprise_linux_desktop
redhatenterprise_linux_eus
redhatenterprise_linux_server
redhatenterprise_linux_server
redhatenterprise_linux_server
redhatenterprise_linux_workstation
redhatenterprise_linux_workstation
redhatenterprise_linux_workstation

CVSS provenance

nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
osv9.3CRITICAL
vendor_debian9.3CRITICAL
vendor_redhat9.3CRITICAL
vendor_ubuntu4.3MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.