ID CVE-2011-0064
Summary The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index.
References
Vulnerable Configurations
  • cpe:2.3:a:gnome:pango:1.28.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:pango:1.28.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 14-07-2021 - 15:41)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
redhat via4
advisories
bugzilla
id 678563
title CVE-2011-0064 pango: missing memory reallocation failure checking in hb_buffer_ensure
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 6 is installed
      oval oval:com.redhat.rhba:tst:20111656003
    • OR
      • AND
        • comment pango is earlier than 0:1.28.1-3.el6_0.5
          oval oval:com.redhat.rhsa:tst:20110309001
        • comment pango is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20152116008
      • AND
        • comment pango-devel is earlier than 0:1.28.1-3.el6_0.5
          oval oval:com.redhat.rhsa:tst:20110309003
        • comment pango-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20152116010
rhsa
id RHSA-2011:0309
released 2011-03-01
severity Critical
title RHSA-2011:0309: pango security update (Critical)
rpms
  • pango-0:1.28.1-3.el6_0.5
  • pango-debuginfo-0:1.28.1-3.el6_0.5
  • pango-devel-0:1.28.1-3.el6_0.5
refmap via4
bid 46632
confirm
debian DSA-2178
fedora FEDORA-2011-3194
mandriva MDVSA-2011:040
sectrack 1025145
secunia
  • 43559
  • 43572
  • 43578
  • 43800
suse SUSE-SR:2011:005
ubuntu USN-1082-1
vupen
  • ADV-2011-0543
  • ADV-2011-0555
  • ADV-2011-0558
  • ADV-2011-0584
  • ADV-2011-0683
xf pango-hbbufferensure-bo(65770)
Last major update 14-07-2021 - 15:41
Published 07-03-2011 - 21:00
Last modified 14-07-2021 - 15:41
Back to Top