CVE-2019-18397
fribidi: buffer overflow in fribidi_get_par_embedding_levels_ex() in lib/fribidi-bidi.c leading to denial of service and possible code execution
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A buffer overflow in the fribidi_get_par_embedding_levels_ex() function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user, when this content is then rendered by an application that uses FriBidi for text layout calculations. Examples include any GNOME or GTK+ based application that uses Pango for text layout, as this internally uses FriBidi for bidirectional text layout. For example, the attacker can construct a crafted text file to be opened in GEdit, or a crafted IRC message to be viewed in HexChat.
Un desbordamiento de búfer en la función fribidi_get_par_embedding_levels_ex() en la biblioteca lib/fribidi-bidi.c de GNU FriBidi versiones hasta 1.0.7, permite a un atacante causar una denegación de servicio o posiblemente ejecutar código arbitrario al entregar contenido de texto diseñado a un usuario, cuando este contenido es entonces renderizado mediante una aplicación que utiliza FriBidi para los cálculos de diseño de texto. Los ejemplos incluyen cualquier aplicación basada en GNOME o GTK+ que use Pango para el diseño de texto, ya que esto utiliza internamente FriBidi para el diseño de texto bidireccional. Por ejemplo, el atacante puede construir un archivo de texto diseñado para abrirse en GEdit, o un mensaje IRC diseñado para ser visualizado en HexChat.
A heap-based buffer overflow vulnerability was found in GNU FriBidi, an implementation of the Unicode Bidirectional Algorithm (bidi). When the flaw is triggered it's possible to manipulate the heap contents, leading to memory corruption causing a denial of service and to arbitrary code execution. The highest threat from this flaw to both data and system availability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-10-24 CVE Reserved
- 2019-11-08 CVE Published
- 2024-08-05 CVE Updated
- 2024-11-06 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
- CWE-400: Uncontrolled Resource Consumption
CAPEC
References (12)
| URL | Tag | Source |
|---|---|---|
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=944327 | Issue Tracking | |
| https://marc.info/?l=oss-security&m=157322128105807&w=2 | Third Party Advisory | |
| https://security-tracker.debian.org/tracker/CVE-2019-18397 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/fribidi/fribidi/commit/034c6e9a1d296286305f4cfd1e0072b879f52568 | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Gnu Search vendor "Gnu" | Fribidi Search vendor "Gnu" for product "Fribidi" | >= 1.0.0 <= 1.0.7 Search vendor "Gnu" for product "Fribidi" and version " >= 1.0.0 <= 1.0.7" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||