Debian Pango1.0 vulnerabilities
7 known vulnerabilities affecting debian/pango1.0.
Total CVEs: 7
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 1, MEDIUM 3, LOW 1
Vulnerabilities
CVE-2011-0020 | P3 | HIGH | CVSS 7.6 | PoC | fixed in pango1.0 1.28.3-1+squeeze1 (bookworm) | 2011
CVE-2011-0020 [HIGH] CVE-2011-0020: pango1.0 - Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pa...
Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitma
CVE-2018-15120 | P3 | LOW | CVSS 6.5 | PoC | fixed in pango1.0 1.42.4-1 (bookworm) | 2018
CVE-2018-15120 [MEDIUM] CVE-2018-15120: pango1.0 - libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, ...
libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences.
Scope: local
bookworm: resolved (fixed in 1.42.4-1)
bullseye: resolved (fixed in 1.42.4-1)
forky: resolved (fixed in 1.42
CVE-2019-1010238 | P3 | CRITICAL | CVSS 9.8 | fixed in pango1.0 1.42.4-7 (bookworm) | 2019
CVE-2019-1010238 [CRITICAL] CVE-2019-1010238: pango1.0 - Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The h...
Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pang
CVE-2011-3193 | P3 | CRITICAL | CVSS 9.3 | fixed in pango1.0 1.28.3-1 (bookworm) | 2011
CVE-2011-3193 [CRITICAL] CVE-2011-3193: pango1.0 - Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz mo...
Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
Scope: local
bookworm: resolved (fixed in 1.28.3-1)
bullseye: resolved (fixed in 1.28.3-1)
forky: res
CVE-2011-0064 | P4 | MEDIUM | CVSS 6.8 | fixed in pango1.0 1.28.3-2~sid1 (bookworm) | 2011
CVE-2011-0064 [MEDIUM] CVE-2011-0064: pango1.0 - The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28....
The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorr
CVE-2009-1194 | P4 | MEDIUM | CVSS 6.8 | fixed in pango1.0 1.24.0-2 (bookworm) | 2009
CVE-2009-1194 [MEDIUM] CVE-2009-1194: pango1.0 - Integer overflow in the pango_glyph_string_set_size function in pango/glyphstrin...
Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow, as demonstrated by a long document.location value in Firefox.
Scope: local
CVE-2010-0421 | P4 | MEDIUM | CVSS 4.3 | fixed in pango1.0 1.26.2-1 (bookworm) | 2010
CVE-2010-0421 [MEDIUM] CVE-2010-0421: pango1.0 - Array index error in the hb_ot_layout_build_glyph_classes function in pango/open...
Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted font file, related to building a synthetic Glyph Definition (aka GDEF) table by using this font's charmap and the Unicode property database.
Scop