ID CVE-2011-3193
Summary Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
Vulnerable Configurations
  • cpe:2.3:a:pango:pango:1.23.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pango:pango:1.24.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pango:pango:1.24.1:*:*:*:*:*:*:*
  • cpe:2.3:a:pango:pango:1.24.2:*:*:*:*:*:*:*
  • cpe:2.3:a:pango:pango:1.24.3:*:*:*:*:*:*:*
  • cpe:2.3:a:pango:pango:1.24.4:*:*:*:*:*:*:*
  • cpe:2.3:a:pango:pango:1.24.5:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:1.41:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:1.42:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:1.43:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:1.44:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:1.45:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:2.00:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:2.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:2.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:2.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:2.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:2.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:2.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:2.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:2.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:2.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:2.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:2.3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:2.3.8:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:2.3.10:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:3.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:3.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:3.0.4:-:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:3.0.4:p:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:3.0.5:-:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:3.0.5:p:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:3.0.6:-:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:3.0.6:p:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:3.0.7:-:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:3.0.7:p:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:3.1.1:-:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:3.1.1:p:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:3.1.2:-:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:3.1.2:p:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:3.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:3.2.1:-:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:3.2.1:p:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:3.2.2:-:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:3.2.2:p:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:3.2.3:-:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:3.2.3:p:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:3.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:3.3.1:-:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:3.3.1:p:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:3.3.2:-:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:3.3.2:p:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:3.3.3:-:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:3.3.3:p:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:3.3.4:-:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:3.3.4:p:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:3.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:3.3.6:-:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:3.3.6:p:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:3.3.7:-:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:3.3.7:p:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:3.3.8:-:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:3.3.8:p:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:3.3.8b:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:4.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:4.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:4.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:4.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:4.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:4.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:4.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:4.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:4.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:4.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:4.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:4.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:4.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:4.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:4.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:4.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:4.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:4.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:4.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:4.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:4.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:4.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:4.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:4.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:4.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:4.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:4.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:4.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:4.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:4.6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:4.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:4.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:4.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:qt:qt:4.7.3:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_eus:6.1:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 04-08-2020 - 13:20)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
  Vector NETWORK
  Complexity MEDIUM
  Authentication NONE
Impact
  Confidentiality COMPLETE
  Integrity COMPLETE
  Availability COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
redhat via4
advisories
  • bugzilla
    id 733118
    title CVE-2011-3193 qt/harfbuzz buffer overflow
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • comment qt4 is earlier than 0:4.2.1-1.el5_7.1
            oval oval:com.redhat.rhsa:tst:20111324001
          • comment qt4 is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20111324002
        • AND
          • comment qt4-devel is earlier than 0:4.2.1-1.el5_7.1
            oval oval:com.redhat.rhsa:tst:20111324003
          • comment qt4-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20111324004
        • AND
          • comment qt4-doc is earlier than 0:4.2.1-1.el5_7.1
            oval oval:com.redhat.rhsa:tst:20111324005
          • comment qt4-doc is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20111324006
        • AND
          • comment qt4-mysql is earlier than 0:4.2.1-1.el5_7.1
            oval oval:com.redhat.rhsa:tst:20111324007
          • comment qt4-mysql is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20111324008
        • AND
          • comment qt4-odbc is earlier than 0:4.2.1-1.el5_7.1
            oval oval:com.redhat.rhsa:tst:20111324009
          • comment qt4-odbc is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20111324010
        • AND
          • comment qt4-postgresql is earlier than 0:4.2.1-1.el5_7.1
            oval oval:com.redhat.rhsa:tst:20111324011
          • comment qt4-postgresql is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20111324012
        • AND
          • comment qt4-sqlite is earlier than 0:4.2.1-1.el5_7.1
            oval oval:com.redhat.rhsa:tst:20111324013
          • comment qt4-sqlite is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20111324014
    rhsa
    id RHSA-2011:1324
    released 2011-09-21
    severity Moderate
    title RHSA-2011:1324: qt4 security update (Moderate)
  • bugzilla
    id 733118
    title CVE-2011-3193 qt/harfbuzz buffer overflow
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 4 is installed
        oval oval:com.redhat.rhba:tst:20070304025
      • OR
        • AND
          • comment evolution28-pango is earlier than 0:1.14.9-13.el4_11
            oval oval:com.redhat.rhsa:tst:20111325001
          • comment evolution28-pango is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20090476006
        • AND
          • comment evolution28-pango-devel is earlier than 0:1.14.9-13.el4_11
            oval oval:com.redhat.rhsa:tst:20111325003
          • comment evolution28-pango-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20090476008
    rhsa
    id RHSA-2011:1325
    released 2011-09-21
    severity Moderate
    title RHSA-2011:1325: evolution28-pango security update (Moderate)
  • bugzilla
    id 733118
    title CVE-2011-3193 qt/harfbuzz buffer overflow
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • comment pango is earlier than 0:1.14.9-8.el5_7.3
            oval oval:com.redhat.rhsa:tst:20111326001
          • comment pango is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20090476011
        • AND
          • comment pango-devel is earlier than 0:1.14.9-8.el5_7.3
            oval oval:com.redhat.rhsa:tst:20111326003
          • comment pango-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20090476013
    rhsa
    id RHSA-2011:1326
    released 2011-09-21
    severity Moderate
    title RHSA-2011:1326: pango security update (Moderate)
  • bugzilla
    id 733118
    title CVE-2011-3193 qt/harfbuzz buffer overflow
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 4 is installed
        oval oval:com.redhat.rhba:tst:20070304025
      • comment frysk is earlier than 0:0.0.1.2007.08.03-8.el4
        oval oval:com.redhat.rhsa:tst:20111327001
      • comment frysk is signed with Red Hat master key
        oval oval:com.redhat.rhsa:tst:20111327002
    rhsa
    id RHSA-2011:1327
    released 2011-09-21
    severity Moderate
    title RHSA-2011:1327: frysk security update (Moderate)
  • rhsa
    id RHSA-2011:1323
  • rhsa
    id RHSA-2011:1328
rpms
  • phonon-backend-gstreamer-1:4.6.2-17.el6_1.1
  • qt-1:4.6.2-17.el6_1.1
  • qt-debuginfo-1:4.6.2-17.el6_1.1
  • qt-demos-1:4.6.2-17.el6_1.1
  • qt-devel-1:4.6.2-17.el6_1.1
  • qt-doc-1:4.6.2-17.el6_1.1
  • qt-examples-1:4.6.2-17.el6_1.1
  • qt-mysql-1:4.6.2-17.el6_1.1
  • qt-odbc-1:4.6.2-17.el6_1.1
  • qt-postgresql-1:4.6.2-17.el6_1.1
  • qt-sqlite-1:4.6.2-17.el6_1.1
  • qt-x11-1:4.6.2-17.el6_1.1
  • qt4-0:4.2.1-1.el5_7.1
  • qt4-debuginfo-0:4.2.1-1.el5_7.1
  • qt4-devel-0:4.2.1-1.el5_7.1
  • qt4-doc-0:4.2.1-1.el5_7.1
  • qt4-mysql-0:4.2.1-1.el5_7.1
  • qt4-odbc-0:4.2.1-1.el5_7.1
  • qt4-postgresql-0:4.2.1-1.el5_7.1
  • qt4-sqlite-0:4.2.1-1.el5_7.1
  • evolution28-pango-0:1.14.9-13.el4_11
  • evolution28-pango-debuginfo-0:1.14.9-13.el4_11
  • evolution28-pango-devel-0:1.14.9-13.el4_11
  • pango-0:1.14.9-8.el5_7.3
  • pango-debuginfo-0:1.14.9-8.el5_7.3
  • pango-devel-0:1.14.9-8.el5_7.3
  • frysk-0:0.0.1.2007.08.03-8.el4
  • frysk-debuginfo-0:0.0.1.2007.08.03-8.el4
  • phonon-backend-gstreamer-1:4.6.2-20.el6
  • qt-1:4.6.2-20.el6
  • qt-debuginfo-1:4.6.2-20.el6
  • qt-demos-1:4.6.2-20.el6
  • qt-devel-1:4.6.2-20.el6
  • qt-doc-1:4.6.2-20.el6
  • qt-examples-1:4.6.2-20.el6
  • qt-mysql-1:4.6.2-20.el6
  • qt-odbc-1:4.6.2-20.el6
  • qt-postgresql-1:4.6.2-20.el6
  • qt-sqlite-1:4.6.2-20.el6
  • qt-x11-1:4.6.2-20.el6
refmap via4
bid 49723
confirm
misc
mlist
  • [oss-security] 20120822 CVE request: libqt4: two memory issues
  • [oss-security] 20120824 Re: CVE request: libqt4: two memory issues
  • [oss-security] 20120825 Re: CVE request: libqt4: two memory issues
osvdb 75652
secunia
  • 41537
  • 46117
  • 46118
  • 46119
  • 46128
  • 46371
  • 46410
  • 49895
suse
  • SUSE-SU-2011:1113
  • openSUSE-SU-2011:1119
  • openSUSE-SU-2011:1120
ubuntu USN-1504-1
xf pango-harfbuzz-bo(69991)
Last major update 04-08-2020 - 13:20
Published 16-06-2012 - 00:55
Last modified 04-08-2020 - 13:20