CVE-2011-0064

pango: missing memory reallocation failure checking in hb_buffer_ensure

Severity Score

9.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index.

La función hb_buffer_ensure en hb-buffer.c de HarfBuzz, como el usuado en Pango v1.28.3,Firefox otros productos, no verifica que las reasignaciones de memoria sean exitosas, lo que permite a atacantes remotos provocar una denegación de servicio (desreferenciar el puntero a NULL y bloqueo de la aplicación) o posiblemente ejecutar código arbitrario a través de datos manipulados con fuente OpenType que provoca el uso de un índice incorrecto.

Marc Schoenefeld discovered that Pango incorrectly handled certain Glyph Definition (GDEF) tables. If a user were tricked into displaying text with a specially-crafted font, an attacker could cause Pango to crash, resulting in a denial of service. This issue only affected Ubuntu 8.04 LTS and 9.10. Dan Rosenberg discovered that Pango incorrectly handled certain FT_Bitmap objects. If a user were tricked into displaying text with a specially- crafted font, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. The default compiler options for affected releases should reduce the vulnerability to a denial of service. It was discovered that Pango incorrectly handled certain memory reallocation failures. If a user were tricked into displaying text in a way that would cause a reallocation failure, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. This issue only affected Ubuntu 9.10, 10.04 LTS and 10.10.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2010-12-21 CVE Reserved
2011-03-02 CVE Published
2024-08-06 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (24)

URL	Tag	Source
http://secunia.com/advisories/43800	Third Party Advisory
http://securitytracker.com/id?1025145	Vdb Entry
http://www.securityfocus.com/bid/46632	Vdb Entry
http://www.vupen.com/english/advisories/2011/0584	Vdb Entry
http://www.vupen.com/english/advisories/2011/0683	Vdb Entry
https://bugzilla.mozilla.org/show_bug.cgi?id=606997	X_refsource_confirm
https://bugzilla.novell.com/show_bug.cgi?id=672502	X_refsource_confirm
https://exchange.xforce.ibmcloud.com/vulnerabilities/65770	Vdb Entry

URL	Date	SRC

URL	Date	SRC
http://cgit.freedesktop.org/harfbuzz/commit/?id=a6a79df5fe2ed2cd307e7a991346faee164e70d9	2021-07-14
https://bugzilla.redhat.com/show_bug.cgi?id=678563	2011-03-01
https://build.opensuse.org/request/show/63070	2021-07-14

URL	Date	SRC
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056065.html	2021-07-14
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html	2021-07-14
http://secunia.com/advisories/43559	2021-07-14
http://secunia.com/advisories/43572	2021-07-14
http://secunia.com/advisories/43578	2021-07-14
http://www.debian.org/security/2011/dsa-2178	2021-07-14
http://www.mandriva.com/security/advisories?name=MDVSA-2011:040	2021-07-14
http://www.redhat.com/support/errata/RHSA-2011-0309.html	2021-07-14
http://www.ubuntu.com/usn/USN-1082-1	2021-07-14
http://www.vupen.com/english/advisories/2011/0543	2021-07-14
http://www.vupen.com/english/advisories/2011/0555	2021-07-14
http://www.vupen.com/english/advisories/2011/0558	2021-07-14
https://access.redhat.com/security/cve/CVE-2011-0064	2011-03-01

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Gnome Search vendor "Gnome"		Pango Search vendor "Gnome" for product "Pango"				1.28.3 Search vendor "Gnome" for product "Pango" and version "1.28.3"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				*		-		Affected