Vulnerability Details : CVE-2011-0020
Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object.
Vulnerability category: Overflow, Execute code, Denial of service
Products affected by CVE-2011-0020
- cpe:2.3:a:gnome:pango:*:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:pango:1.28.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:pango:1.28.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:pango:1.28.1:*:*:*:*:*:*:*
- cpe:2.3:a:pango:pango:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:pango:pango:1.16:*:*:*:*:*:*:*
- cpe:2.3:a:pango:pango:1.12:*:*:*:*:*:*:*
- cpe:2.3:a:pango:pango:1.14:*:*:*:*:*:*:*
- cpe:2.3:a:pango:pango:1.18:*:*:*:*:*:*:*
- cpe:2.3:a:pango:pango:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:pango:pango:1.6:*:*:*:*:*:*:*
- cpe:2.3:a:pango:pango:1.20:*:*:*:*:*:*:*
- cpe:2.3:a:pango:pango:1.8:*:*:*:*:*:*:*
- cpe:2.3:a:pango:pango:1.10:*:*:*:*:*:*:*
- cpe:2.3:a:pango:pango:1.22:*:*:*:*:*:*:*
- cpe:2.3:a:pango:pango:1.21:*:*:*:*:*:*:*
- cpe:2.3:a:pango:pango:1.13:*:*:*:*:*:*:*
- cpe:2.3:a:pango:pango:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:pango:pango:0.24:*:*:*:*:*:*:*
- cpe:2.3:a:pango:pango:0.23:*:*:*:*:*:*:*
- cpe:2.3:a:pango:pango:1.25:*:*:*:*:*:*:*
- cpe:2.3:a:pango:pango:1.24:*:*:*:*:*:*:*
- cpe:2.3:a:pango:pango:1.23:*:*:*:*:*:*:*
- cpe:2.3:a:pango:pango:1.15:*:*:*:*:*:*:*
- cpe:2.3:a:pango:pango:1.7:*:*:*:*:*:*:*
- cpe:2.3:a:pango:pango:0.26:*:*:*:*:*:*:*
- cpe:2.3:a:pango:pango:0.25:*:*:*:*:*:*:*
- cpe:2.3:a:pango:pango:1.27:*:*:*:*:*:*:*
- cpe:2.3:a:pango:pango:1.26:*:*:*:*:*:*:*
- cpe:2.3:a:pango:pango:1.17:*:*:*:*:*:*:*
- cpe:2.3:a:pango:pango:1.9:*:*:*:*:*:*:*
- cpe:2.3:a:pango:pango:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:pango:pango:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:pango:pango:0.20:*:*:*:*:*:*:*
- cpe:2.3:a:pango:pango:1.19:*:*:*:*:*:*:*
- cpe:2.3:a:pango:pango:1.11:*:*:*:*:*:*:*
- cpe:2.3:a:pango:pango:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:pango:pango:0.22:*:*:*:*:*:*:*
- cpe:2.3:a:pango:pango:0.21:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-0020
EPSS score: 12.80% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~95% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2011-0020
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.6 | HIGH | AV:N/AC:H/Au:N/C:C/I:C/A:C | 4.9 | 10.0 | NIST | |
CWE ids for CVE-2011-0020
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-0020
- http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
  [security-announce] SUSE Security Summary Report: SUSE-SR:2011:005
- http://www.redhat.com/support/errata/RHSA-2011-0180.html
  Support
- http://openwall.com/lists/oss-security/2011/01/18/6
  oss-security - CVE request: heap corruption in libpango (Exploit)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64832
  Pango pango_ft2_font_render_box_glyph() buffer overflow CVE-2011-0020 Vulnerability Report
- http://www.vupen.com/english/advisories/2011/0186
  Vendor Advisory
- https://bugs.launchpad.net/ubuntu/+source/pango1.0/+bug/696616
  Bug #696616 “Heap corruption in font parsing with FreeType2 back...” : Bugs : pango1.0 package : Ubuntu (Exploit)
- http://openwall.com/lists/oss-security/2011/01/20/2
  oss-security - Re: CVE request: heap corruption in libpango (Exploit)
- http://www.securitytracker.com/id?1024994
  Pango Heap Overflow in pango_ft2_font_render_box_glyph() Lets Remote Users Execute Arbitrary Code - SecurityTracker
- http://www.securityfocus.com/bid/45842
  Pango Font Parsing 'pangoft2-render.c' Heap Corruption Vulnerability
- http://www.vupen.com/english/advisories/2011/0238
- https://bugzilla.gnome.org/show_bug.cgi?id=639882
  Bug 639882 – Heap corruption in font parsing with FreeType2 backend
- https://bugzilla.redhat.com/show_bug.cgi?id=671122
  671122 – (CVE-2011-0020) CVE-2011-0020 pango: Heap-based buffer overflow by rendering glyph box for certain FT_Bitmap objects (Exploit)