CVE-2012-1176 : Buffer overflow in the fribidi_utf8_to_unicode function in PyFriBidi before 0.11.0 allows remote attackers to cause a de

Buffer overflow in the fribidi_utf8_to_unicode function in PyFriBidi before 0.11.0 allows remote attackers to cause a denial of service (application crash) via a 4-byte utf-8 sequence.

Published 2012-08-26 20:55:01

Updated 2017-08-29 01:31:14

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: OverflowDenial of service

Exploit prediction scoring system (EPSS) score for CVE-2012-1176

Probability of exploitation activity in the next 30 days: 9.72%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 94 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2012-1176

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

CWE ids for CVE-2012-1176

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-1176

http://www.openwall.com/lists/oss-security/2012/03/14/9

oss-security - Re: CVE request: pyfribidi buffer overflow flaw
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076038.html

[SECURITY] Fedora 16 Update: pyfribidi-0.11.0-1.fc16
http://www.openwall.com/lists/oss-security/2012/03/14/4

oss-security - CVE request: pyfribidi buffer overflow flaw
https://exchange.xforce.ibmcloud.com/vulnerabilities/74001

FriBidi Python binding utf-8 buffer overflow CVE-2012-1176 Vulnerability Report
https://github.com/pediapress/pyfribidi/commit/d2860c655357975e7b32d84e6b45e98f0dcecd7a

refactor pyfribidi.c module · pediapress/pyfribidi@d2860c6 · GitHub
https://bugzilla.wikimedia.org/show_bug.cgi?id=35055

⚓ T37055 backtrace when getting a PDF
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075293.html

[SECURITY] Fedora 17 Update: pyfribidi-0.11.0-1.fc17
https://bugzilla.redhat.com/show_bug.cgi?id=801896

801896 – (CVE-2012-1176) CVE-2012-1176 pyfribidi: buffer overflow when handling 4-byte utf-8 sequences
http://www.securityfocus.com/bid/52451

FriBidi Python binding (pyfribidi) Buffer Overflow Vulnerability
https://github.com/pediapress/pyfribidi/issues/2%29:

Issues · pediapress/pyfribidi · GitHub
http://groups.google.com/group/linux.debian.bugs.dist/browse_thread/thread/aacd036037217998/8d095f85f3665bff?lnk=raot

Bug#663189: buffer overflow in python-pyfribidi - Google Groepen
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=663189

#663189 - buffer overflow in python-pyfribidi - Debian Bug report logs
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076053.html

[SECURITY] Fedora 15 Update: pyfribidi-0.11.0-1.fc15

Products affected by CVE-2012-1176

Fribidi » Pyfribidi
Versions up to, including, (<=) 0.10.9
cpe:2.3:a:fribidi:pyfribidi:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2012-1176

Exploit prediction scoring system (EPSS) score for CVE-2012-1176

CVSS scores for CVE-2012-1176

CWE ids for CVE-2012-1176

References for CVE-2012-1176

Products affected by CVE-2012-1176