ID CVE-2011-0064
Summary The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index.
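The summary describes a growable glyph buffer whose reallocation result was never checked, so a failed realloc() left a NULL base pointer that a later glyph index was applied to. The following C example is added here for illustration and is not HarfBuzz or Pango code: it shows the unchecked reallocation pattern next to a hardened buffer_ensure() that keeps the old block on failure, guards the size arithmetic, and makes the error sticky so callers such as buffer_add_glyph() refuse to index the array. All names (glyph_buffer_t, buffer_ensure, buffer_add_glyph, grow_memory, simulate_alloc_failure) are assumed, and the allocation failure is simulated through a flag so the behaviour can be exercised without exhausting memory.

```c
/* Added example, not HarfBuzz/Pango code: a growable glyph buffer with
 * and without reallocation-failure checks, the defect class of CVE-2011-0064.
 * Type and function names are assumptions made for this illustration. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef struct {
    uint32_t codepoint;
    uint32_t cluster;
} glyph_info_t;

typedef struct {
    glyph_info_t *info;
    size_t len;
    size_t allocated;
    bool in_error;  /* sticky: once a reallocation fails, refuse further growth */
} glyph_buffer_t;

/* Test hook (assumption): when non-zero, grow_memory() reports failure
 * instead of calling realloc(), so the failure path can be exercised. */
int simulate_alloc_failure = 0;

static void *grow_memory(void *p, size_t bytes)
{
    if (simulate_alloc_failure)
        return NULL;
    return realloc(p, bytes);
}

/* The defect pattern from the summary: the pointer is overwritten with the
 * realloc() result and the capacity updated first, so on failure the buffer
 * reports room it does not have and its base pointer is NULL. */
static void buffer_ensure_unchecked(glyph_buffer_t *buf, size_t size)
{
    if (size <= buf->allocated)
        return;
    size_t new_allocated = buf->allocated ? buf->allocated : 8;
    while (new_allocated < size)
        new_allocated += new_allocated / 2 + 8;
    buf->allocated = new_allocated;
    buf->info = grow_memory(buf->info, new_allocated * sizeof(glyph_info_t));
}

/* Hardened form: realloc() into a temporary, leave the buffer untouched on
 * failure (the old block is still valid), guard the size arithmetic, and
 * report the failure to the caller. */
static bool buffer_ensure(glyph_buffer_t *buf, size_t size)
{
    if (buf->in_error)
        return false;
    if (size <= buf->allocated)
        return true;

    size_t new_allocated = buf->allocated ? buf->allocated : 8;
    while (new_allocated < size) {
        size_t grown = new_allocated + new_allocated / 2 + 8;
        if (grown < new_allocated) {          /* size_t wrapped around */
            buf->in_error = true;
            return false;
        }
        new_allocated = grown;
    }
    if (new_allocated > SIZE_MAX / sizeof(glyph_info_t)) {
        buf->in_error = true;                 /* byte count would overflow */
        return false;
    }

    glyph_info_t *p = grow_memory(buf->info, new_allocated * sizeof(glyph_info_t));
    if (p == NULL) {
        buf->in_error = true;                 /* buf->info and allocated unchanged */
        return false;
    }
    buf->info = p;
    buf->allocated = new_allocated;
    return true;
}

/* Only index the array after ensure() has confirmed the capacity. */
static bool buffer_add_glyph(glyph_buffer_t *buf, uint32_t codepoint, uint32_t cluster)
{
    if (!buffer_ensure(buf, buf->len + 1))
        return false;
    buf->info[buf->len].codepoint = codepoint;
    buf->info[buf->len].cluster = cluster;
    buf->len++;
    return true;
}

static void buffer_free(glyph_buffer_t *buf)
{
    free(buf->info);
    buf->info = NULL;
    buf->len = buf->allocated = 0;
    buf->in_error = false;
}

int main(void)
{
    glyph_buffer_t b = {0};
    for (uint32_t i = 0; i < 100; i++)
        buffer_add_glyph(&b, 0x41 + i, i);
    simulate_alloc_failure = 1;
    bool ok = buffer_ensure(&b, b.allocated + 1);   /* forces a growth attempt */
    printf("len=%zu allocated=%zu ensure_after_failure=%d info_intact=%d\n",
           b.len, b.allocated, ok, b.info != NULL);
    simulate_alloc_failure = 0;
    buffer_free(&b);
    return 0;
}
```

The unchecked variant shows the inconsistent state the advisories describe (capacity says there is room, base pointer is NULL); the hardened variant never lets the two fields disagree, and a sticky error flag means a single failed reallocation cannot be followed by a write through a stale or NULL pointer.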
References
Vulnerable Configurations
  • Pango 1.28.3
    cpe:2.3:a:pango:pango:1.28.3
  • Mozilla Firefox
    cpe:2.3:a:mozilla:firefox
CVSS
Base: 6.8 (as of 08-03-2011 - 09:25)
Impact:
Exploitability:
Access: Vector NETWORK, Complexity MEDIUM, Authentication NONE
Impact: Confidentiality PARTIAL, Integrity PARTIAL, Availability PARTIAL
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-3194.NASL
    description It was discovered that pango did not check for memory reallocation failures in the hb_buffer_ensure() function. This could trigger a NULL pointer dereference in hb_buffer_add_glyph(), where possibly untrusted input is used as an index for accessing members of the incorrectly reallocated array, resulting in the use of the NULL address as the base array address. This can result in an application crash or, possibly, code execution. It was demonstrated that it's possible to trigger this flaw in Firefox via a specially crafted web page. Mozilla bug report (currently not public): https://bugzilla.mozilla.org/show_bug.cgi?id=606997 Fix in the harfbuzz git: http://cgit.freedesktop.org/harfbuzz/commit/?id=a6a79df5fe2e Acknowledgements: Red Hat would like to thank the Mozilla Security Team for reporting this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 52696
    published 2011-03-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52696
    title Fedora 14 : pango-1.28.1-5.fc14 (2011-3194)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2011-0309.NASL
    description Updated pango packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Pango is a library used for the layout and rendering of internationalized text. It was discovered that Pango did not check for memory reallocation failures in the hb_buffer_ensure() function. An attacker able to trigger a reallocation failure by passing sufficiently large input to an application using Pango could use this flaw to crash the application or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0064) Red Hat would like to thank the Mozilla Security Team for reporting this issue. All pango users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, you must restart your system or restart the X server for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 52493
    published 2011-03-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52493
    title RHEL 6 : pango (RHSA-2011:0309)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_PANGO-110301.NASL
    description Specially crafted font files could cause a heap corruption in applications linked against pango. (CVE-2011-0064 / CVE-2011-0020)
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 52960
    published 2011-03-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52960
    title SuSE 11.1 Security Update : pango (SAT Patch Number 4065)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201405-13.NASL
    description The remote host is affected by the vulnerability described in GLSA-201405-13 (Pango: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Pango. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker could entice a user to load specially crafted text using an application linked against Pango, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2015-04-13
    plugin id 74056
    published 2014-05-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74056
    title GLSA-201405-13 : Pango: Multiple vulnerabilities
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1082-1.NASL
    description Marc Schoenefeld discovered that Pango incorrectly handled certain Glyph Definition (GDEF) tables. If a user were tricked into displaying text with a specially crafted font, an attacker could cause Pango to crash, resulting in a denial of service. This issue only affected Ubuntu 8.04 LTS and 9.10. (CVE-2010-0421) Dan Rosenberg discovered that Pango incorrectly handled certain FT_Bitmap objects. If a user were tricked into displaying text with a specially crafted font, an attacker could cause a denial of service or execute arbitrary code with the privileges of the user invoking the program. The default compiler options for affected releases should reduce the vulnerability to a denial of service. (CVE-2011-0020) It was discovered that Pango incorrectly handled certain memory reallocation failures. If a user were tricked into displaying text in a way that would cause a reallocation failure, an attacker could cause a denial of service or execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 9.10, 10.04 LTS and 10.10. (CVE-2011-0064) Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 52529
    published 2011-03-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52529
    title Ubuntu 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : pango1.0 vulnerabilities (USN-1082-1)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20110301_PANGO_ON_SL6_X.NASL
    description It was discovered that Pango did not check for memory reallocation failures in the hb_buffer_ensure() function. An attacker able to trigger a reallocation failure by passing sufficiently large input to an application using Pango could use this flaw to crash the application or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0064) After installing this update, you must restart your system or restart the X server for the update to take effect.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 60970
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60970
    title Scientific Linux Security Update : pango on SL6.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_3_LIBPANGO-1_0-0-110301.NASL
    description Specially crafted font files could cause a heap corruption in applications linked against pango (CVE-2011-0064, CVE-2011-0020).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75599
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75599
    title openSUSE Security Update : libpango-1_0-0 (openSUSE-SU-2011:0221-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2011-0309.NASL
    description From Red Hat Security Advisory 2011:0309 : Updated pango packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Pango is a library used for the layout and rendering of internationalized text. It was discovered that Pango did not check for memory reallocation failures in the hb_buffer_ensure() function. An attacker able to trigger a reallocation failure by passing sufficiently large input to an application using Pango could use this flaw to crash the application or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0064) Red Hat would like to thank the Mozilla Security Team for reporting this issue. All pango users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, you must restart your system or restart the X server for the update to take effect.
    last seen 2019-02-21
    modified 2015-12-01
    plugin id 68212
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68212
    title Oracle Linux 6 : pango (ELSA-2011-0309)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2178.NASL
    description It was discovered that Pango did not check for memory allocation failures, causing a NULL pointer dereference with an adjustable offset. This can lead to application crashes and potentially arbitrary code execution. The oldstable distribution (lenny) is not affected by this problem.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 52512
    published 2011-03-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52512
    title Debian DSA-2178-1 : pango1.0 - NULL pointer dereference
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2011-040.NASL
    description A vulnerability has been found and corrected in pango: It was discovered that pango did not check for memory reallocation failures in the hb_buffer_ensure() function. This could trigger a NULL pointer dereference in hb_buffer_add_glyph(), where possibly untrusted input is used as an index for accessing members of the incorrectly reallocated array, resulting in the use of the NULL address as the base array address. This can result in an application crash or, possibly, code execution (CVE-2011-0064). The updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 52541
    published 2011-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52541
    title Mandriva Linux Security Advisory : pango (MDVSA-2011:040)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_LIBPANGO-1_0-0-110301.NASL
    description Specially crafted font files could cause a heap corruption in applications linked against pango (CVE-2011-0064, CVE-2011-0020).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 53753
    published 2011-05-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53753
    title openSUSE Security Update : libpango-1_0-0 (openSUSE-SU-2011:0221-1)
redhat via4
advisories
bugzilla
id 678563
title CVE-2011-0064 pango: missing memory reallocation failure checking in hb_buffer_ensure
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 6 Client is installed
      oval oval:com.redhat.rhba:tst:20111656001
    • comment Red Hat Enterprise Linux 6 Server is installed
      oval oval:com.redhat.rhba:tst:20111656002
    • comment Red Hat Enterprise Linux 6 Workstation is installed
      oval oval:com.redhat.rhba:tst:20111656003
    • comment Red Hat Enterprise Linux 6 ComputeNode is installed
      oval oval:com.redhat.rhba:tst:20111656004
  • OR
    • AND
      • comment pango is earlier than 0:1.28.1-3.el6_0.5
        oval oval:com.redhat.rhsa:tst:20110309005
      • comment pango is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20152116016
    • AND
      • comment pango-devel is earlier than 0:1.28.1-3.el6_0.5
        oval oval:com.redhat.rhsa:tst:20110309007
      • comment pango-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20152116014
rhsa
id RHSA-2011:0309
released 2011-03-01
severity Critical
title RHSA-2011:0309: pango security update (Critical)
rpms
  • pango-0:1.28.1-3.el6_0.5
  • pango-devel-0:1.28.1-3.el6_0.5
refmap via4
bid 46632
confirm
debian DSA-2178
fedora FEDORA-2011-3194
mandriva MDVSA-2011:040
sectrack 1025145
secunia
  • 43559
  • 43572
  • 43578
  • 43800
suse SUSE-SR:2011:005
ubuntu USN-1082-1
vupen
  • ADV-2011-0543
  • ADV-2011-0555
  • ADV-2011-0558
  • ADV-2011-0584
  • ADV-2011-0683
xf pango-hbbufferensure-bo(65770)
Last major update 11-02-2014 - 23:25
Published 07-03-2011 - 16:00
Last modified 16-08-2017 - 21:33