CVE-2019-1010238 — Out-of-bounds Write in Pango
Severity
9.8CRITICALNVD
EPSS
4.5%
top 10.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJul 19
Latest updateMay 24
Description
Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9
Affected Packages6 packages
Also affects: Debian Linux 10.0, Fedora 29, 30, Ubuntu Linux 19.04, Enterprise Linux 8.0, 7.4, 7.6, 8.1, 8.2, 8.4, 7.7, Openshift Container Platform 3.11, 4.1
Patches
🔴Vulnerability Details
3📋Vendor Advisories
5Oracle
▶
Microsoft▶
Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embeddin↗2019-07-09
Debian▶
CVE-2019-1010238: pango1.0 - Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The h...↗2019