CVE-2019-1010238 – pango: pango_log2vis_get_embedding_levels() heap-based buffer overflow
https://notcve.org/view.php?id=CVE-2019-1010238
Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize. Pango versión 1.42 y posterior de Gnome, está afectada por: Desbordamiento de Búfer. • https://access.redhat.com/errata/RHBA-2019:2824 https://access.redhat.com/errata/RHSA-2019:2571 https://access.redhat.com/errata/RHSA-2019:2582 https://access.redhat.com/errata/RHSA-2019:2594 https://access.redhat.com/errata/RHSA-2019:3234 https://gitlab.gnome.org/GNOME/pango/-/commits/main/pango/pango-bidi-type.c https://gitlab.gnome.org/GNOME/pango/-/issues/342 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D6HWAHXJ2ZXINYMANHPFDD • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVE-2018-15120 – Libpango 1.40.8 - Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2018-15120
libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences. libpango en Pango, desde la versión 1.40.8 hasta la 1.42.3, tal y como se emplea en hexcat y otros productos, permite que atacantes remotos provoquen una denegación de servicio (cierre inesperado de la aplicación) o, posiblemente, cualquier otro tipo de problema mediante texto manipulado con secuencias Unicode inválidas. Libpango version 1.40.8 suffers from a denial of service vulnerability. • https://www.exploit-db.com/exploits/45263 http://52.117.224.77/xfce4-pdos.webm https://github.com/GNOME/pango/blob/1.42.4/NEWS https://github.com/GNOME/pango/commit/71aaeaf020340412b8d012fe23a556c0420eda5f https://i.redd.it/v7p4n2ptu0s11.jpg https://mail.gnome.org/archives/distributor-list/2018-August/msg00001.html https://security.gentoo.org/glsa/201811-07 https://usn.ubuntu.com/3750-1 https://www.ign.com/articles/2018/10/16/ps4s-are-reportedly-being-bricked-and-sony-is • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-3193 – qt/harfbuzz buffer overflow
https://notcve.org/view.php?id=CVE-2011-3193
Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file. Desbordamiento de buffer de memoria dinámica en la función Lookup_MarkMarkPos del módulo HarfBuzz (harfbuzz-gpos.c), tal como se usa en Qt anteriores a 4.7.4 y Pango. Permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de un archivo de fuentes modificado. • http://cgit.freedesktop.org/harfbuzz.old/commit/?id=81c8ef785b079980ad5b46be4fe7c7bf156dbf65 http://cgit.freedesktop.org/harfbuzz/commit/src/harfbuzz-gpos.c?id=da2c52abcd75d46929b34cad55c4fb2c8892bc08 http://git.gnome.org/browse/pango/commit/pango/opentype/harfbuzz-gpos.c?id=a7a715480db66148b1f487528887508a7991dcd0 http://lists.opensuse.org/opensuse-updates/2011-10/msg00007.html http://lists.opensuse.org/opensuse-updates/2011-10/msg00008.html http://rhn.redhat.com/errata/RHSA-2011-1323.html http://rhn.redhat.com/errata/RH • CWE-787: Out-of-bounds Write •
CVE-2011-0064 – pango: missing memory reallocation failure checking in hb_buffer_ensure
https://notcve.org/view.php?id=CVE-2011-0064
The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index. La función hb_buffer_ensure en hb-buffer.c de HarfBuzz, como el usuado en Pango v1.28.3,Firefox otros productos, no verifica que las reasignaciones de memoria sean exitosas, lo que permite a atacantes remotos provocar una denegación de servicio (desreferenciar el puntero a NULL y bloqueo de la aplicación) o posiblemente ejecutar código arbitrario a través de datos manipulados con fuente OpenType que provoca el uso de un índice incorrecto. • http://cgit.freedesktop.org/harfbuzz/commit/?id=a6a79df5fe2ed2cd307e7a991346faee164e70d9 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056065.html http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html http://secunia.com/advisories/43559 http://secunia.com/advisories/43572 http://secunia.com/advisories/43578 http://secunia.com/advisories/43800 http://securitytracker.com/id?1025145 http://www.debian.org/security/2011/dsa-2178 http://www.mandriva.com/security& •
CVE-2011-0020 – Pango Font Parsing - 'pangoft2-render.c' Heap Corruption
https://notcve.org/view.php?id=CVE-2011-0020
Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object. Desbordamiento de búfer basado en memoria dinámica en la función pango_ft2_font_render_box_glyph en pango/pangoft2-render.c de libpango en Pango v1.28.3 y anteriores ,cuando el Backend FreeType2 está activo permite a atacantes remotos causar una denegación de servicio (cuelgue) o ejecutar código arbitrario a través de una a través de un archivo de fuentes manipulado, relacionado con una estuctura Glyph para un objeto de FT_Bitmap. • https://www.exploit-db.com/exploits/35232 http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html http://openwall.com/lists/oss-security/2011/01/18/6 http://openwall.com/lists/oss-security/2011/01/20/2 http://osvdb.org/70596 http://secunia.com/advisories/42934 http://secunia.com/advisories/43100 http://www.redhat.com/support/errata/RHSA-2011-0180.html http://www.securityfocus.com/bid/45842 http://www.securitytracker.com/id?1024994 http://w • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •