CVE-2011-0020
CVSS V2 High 7.6
CVSS V3 None
Description
Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object.
Overview
- CVE ID
- CVE-2011-0020
- Assigner
- secalert@redhat.com
- Vulnerability Status
- Modified
- Published Version
- 2011-01-24T18:00:03
- Last Modified Date
- 2023-02-13T03:22:38
Weakness Enumerations
CPE Configuration (Product)
CPE | Vulnerable | Operator | Version Start | Version End |
---|---|---|---|---|
cpe:2.3:a:gnome:pango:*:*:*:*:*:*:*:* | 1 | OR | 1.28.3 | |
cpe:2.3:a:gnome:pango:1.28.0:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:gnome:pango:1.28.1:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:gnome:pango:1.28.2:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:pango:pango:0.20:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:pango:pango:0.21:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:pango:pango:0.22:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:pango:pango:0.23:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:pango:pango:0.24:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:pango:pango:0.25:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:pango:pango:0.26:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:pango:pango:1.0:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:pango:pango:1.1:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:pango:pango:1.2:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:pango:pango:1.3:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:pango:pango:1.4:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:pango:pango:1.5:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:pango:pango:1.6:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:pango:pango:1.7:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:pango:pango:1.8:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:pango:pango:1.9:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:pango:pango:1.10:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:pango:pango:1.11:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:pango:pango:1.12:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:pango:pango:1.13:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:pango:pango:1.14:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:pango:pango:1.15:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:pango:pango:1.16:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:pango:pango:1.17:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:pango:pango:1.18:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:pango:pango:1.19:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:pango:pango:1.20:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:pango:pango:1.21:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:pango:pango:1.22:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:pango:pango:1.23:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:pango:pango:1.24:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:pango:pango:1.25:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:pango:pango:1.26:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:a:pango:pango:1.27:*:*:*:*:*:*:* | 1 | OR |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:N/AC:H/Au:N/C:C/I:C/A:C
- Access Vector
- NETWORK
- Access Compatibility
- HIGH
- Authentication
- NONE
- Confidentiality Impact
- COMPLETE
- Integrity Impact
- COMPLETE
- Availability Impact
- COMPLETE
- Base Score
- 7.6
- Severity
- HIGH
- Exploitability Score
- 4.9
- Impact Score
- 10
References
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2011-0020 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0020 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2022-05-10 07:07:19 | Added to TrackCVE | |||
2023-02-02 19:03:05 | 2023-02-02T17:17:50 | CVE Modified Date | updated | |
2023-02-02 19:03:05 | Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object. | CVE-2011-0020 pango: Heap-based buffer overflow by rendering glyph box for certain FT_Bitmap objects | Description | updated |
2023-02-13 05:04:19 | 2023-02-13T03:22:38 | CVE Modified Date | updated | |
2023-02-13 05:04:20 | CVE-2011-0020 pango: Heap-based buffer overflow by rendering glyph box for certain FT_Bitmap objects | Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object. | Description | updated |