CVE-2019-1010238
published 2019-07-19CVE-2019-1010238: Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize.
Affected
33 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | pango1.0 | < pango1.0 1.42.4-7 (bookworm) | pango1.0 1.42.4-7 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| gnome | pango | — | — |
| gnome | pango | 1.42.0 – 1.44 | — |
| msrc | cbl2_pango_1.45.5-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| oracle | sd-wan_edge | — | — |
| oracle | sd-wan_edge | — | — |
| oracle | sd-wan_edge | — | — |
| oracle | sd-wan_edge | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_aus | — | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv9.8CRITICAL