Executive Summary
Summary | |
---|---|
Title | Pango vulnerabilities |
Informations | |||
---|---|---|---|
Name | USN-1082-1 | First vendor Publication | 2011-03-02 |
Vendor | Ubuntu | Last vendor Modification | 2011-03-02 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:H/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.6 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | High |
Cvss Expoit Score | 4.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 9.10 Ubuntu 10.04 LTS Ubuntu 10.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: Ubuntu 9.10: Ubuntu 10.04 LTS: Ubuntu 10.10: After a standard system update you need to restart your session to make all the necessary changes. Details follow: Marc Schoenefeld discovered that Pango incorrectly handled certain Glyph Definition (GDEF) tables. If a user were tricked into displaying text with a specially-crafted font, an attacker could cause Pango to crash, resulting in a denial of service. This issue only affected Ubuntu 8.04 LTS and 9.10. (CVE-2010-0421) Dan Rosenberg discovered that Pango incorrectly handled certain FT_Bitmap objects. If a user were tricked into displaying text with a specially- crafted font, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. The default compiler options for affected releases should reduce the vulnerability to a denial of service. (CVE-2011-0020) It was discovered that Pango incorrectly handled certain memory reallocation failures. If a user were tricked into displaying text in a way that would cause a reallocation failure, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. This issue only affected Ubuntu 9.10, 10.04 LTS and 10.10. (CVE-2011-0064) |
Original Source
Url : http://www.ubuntu.com/usn/USN-1082-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:12975 | |||
Oval ID: | oval:org.mitre.oval:def:12975 | ||
Title: | DSA-2178-1 pango1.0 -- NULL pointer dereference | ||
Description: | It was discovered that pango did not check for memory allocation failures, causing a NULL pointer dereference with an adjustable offset. This can lead to application crashes and potentially arbitrary code execution. The oldstable distribution is not affected by this problem. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2178-1 CVE-2011-0064 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | pango1.0 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:13691 | |||
Oval ID: | oval:org.mitre.oval:def:13691 | ||
Title: | USN-1082-1 -- pango1.0 vulnerabilities | ||
Description: | Marc Schoenefeld discovered that Pango incorrectly handled certain Glyph Definition tables. If a user were tricked into displaying text with a specially-crafted font, an attacker could cause Pango to crash, resulting in a denial of service. This issue only affected Ubuntu 8.04 LTS and 9.10. Dan Rosenberg discovered that Pango incorrectly handled certain FT_Bitmap objects. If a user were tricked into displaying text with a specially- crafted font, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. The default compiler options for affected releases should reduce the vulnerability to a denial of service. It was discovered that Pango incorrectly handled certain memory reallocation failures. If a user were tricked into displaying text in a way that would cause a reallocation failure, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. This issue only affected Ubuntu 9.10, 10.04 LTS and 10.10 | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1082-1 CVE-2010-0421 CVE-2011-0020 CVE-2011-0064 | Version: | 5 |
Platform(s): | Ubuntu 8.04 Ubuntu 10.10 Ubuntu 9.10 Ubuntu 10.04 | Product(s): | pango1.0 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20119 | |||
Oval ID: | oval:org.mitre.oval:def:20119 | ||
Title: | DSA-2019-1 pango1.0 - denial of service | ||
Description: | Marc Schoenefeld discovered an improper input sanitisation in Pango, a library for layout and rendering of text, leading to array indexing error. If a local user was tricked into loading a specially-crafted font file in an application, using the Pango font rendering library, it could lead to denial of service (application crash). | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2019-1 CVE-2010-0421 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | pango1.0 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:21202 | |||
Oval ID: | oval:org.mitre.oval:def:21202 | ||
Title: | RHSA-2010:0140: pango security update (Moderate) | ||
Description: | Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted font file, related to building a synthetic Glyph Definition (aka GDEF) table by using this font's charmap and the Unicode property database. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0140-01 CESA-2010:0140 CVE-2010-0421 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | pango evolution28-pango |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:21479 | |||
Oval ID: | oval:org.mitre.oval:def:21479 | ||
Title: | RHSA-2011:0180: pango security update (Moderate) | ||
Description: | Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:0180-01 CVE-2011-0020 | Version: | 6 |
Platform(s): | Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 | Product(s): | evolution28-pango pango |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21584 | |||
Oval ID: | oval:org.mitre.oval:def:21584 | ||
Title: | RHSA-2011:0309: pango security update (Critical) | ||
Description: | The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:0309-01 CVE-2011-0064 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | pango |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22827 | |||
Oval ID: | oval:org.mitre.oval:def:22827 | ||
Title: | ELSA-2010:0140: pango security update (Moderate) | ||
Description: | Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted font file, related to building a synthetic Glyph Definition (aka GDEF) table by using this font's charmap and the Unicode property database. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0140-01 CVE-2010-0421 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | pango evolution28-pango |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23405 | |||
Oval ID: | oval:org.mitre.oval:def:23405 | ||
Title: | ELSA-2011:0309: pango security update (Critical) | ||
Description: | The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:0309-01 CVE-2011-0064 | Version: | 6 |
Platform(s): | Oracle Linux 6 | Product(s): | pango |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23645 | |||
Oval ID: | oval:org.mitre.oval:def:23645 | ||
Title: | ELSA-2011:0180: pango security update (Moderate) | ||
Description: | Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:0180-01 CVE-2011-0020 | Version: | 6 |
Platform(s): | Oracle Linux 6 | Product(s): | evolution28-pango pango |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:27988 | |||
Oval ID: | oval:org.mitre.oval:def:27988 | ||
Title: | DEPRECATED: ELSA-2011-0309 -- pango security update (critical) | ||
Description: | [1.28.1-3.el6_0.5] - Prevent an integer overflow in hb_buffer_ensure() Related: #679693 [1.28.1-3.el6_0.4] - Check for realloc failures in hb_buffer_ensure() (CVE-2011-0064) | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011-0309 CVE-2011-0064 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | pango |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7607 | |||
Oval ID: | oval:org.mitre.oval:def:7607 | ||
Title: | DSA-2019 pango1.0 -- missing input sanitisation | ||
Description: | Marc Schoenefeld discovered an improper input sanitisation in Pango, a library for layout and rendering of text, leading to array indexing error. If a local user was tricked into loading a specially-crafted font file in an application, using the Pango font rendering library, it could lead to denial of service . | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2019 CVE-2010-0421 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | pango1.0 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9417 | |||
Oval ID: | oval:org.mitre.oval:def:9417 | ||
Title: | Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted font file, related to building a synthetic Glyph Definition (aka GDEF) table by using this font's charmap and the Unicode property database. | ||
Description: | Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted font file, related to building a synthetic Glyph Definition (aka GDEF) table by using this font's charmap and the Unicode property database. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-0421 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-07-30 | Name : CentOS Update for evolution28-pango CESA-2011:0180 centos4 x86_64 File : nvt/gb_CESA-2011_0180_evolution28-pango_centos4_x86_64.nasl |
2012-07-09 | Name : RedHat Update for pango RHSA-2011:0309-01 File : nvt/gb_RHSA-2011_0309-01_pango.nasl |
2011-08-09 | Name : CentOS Update for pango CESA-2010:0140 centos5 i386 File : nvt/gb_CESA-2010_0140_pango_centos5_i386.nasl |
2011-03-24 | Name : Fedora Update for pango FEDORA-2011-3194 File : nvt/gb_fedora_2011_3194_pango_fc14.nasl |
2011-03-09 | Name : Debian Security Advisory DSA 2178-1 (pango1.0) File : nvt/deb_2178_1.nasl |
2011-03-07 | Name : Ubuntu Update for pango1.0 vulnerabilities USN-1082-1 File : nvt/gb_ubuntu_USN_1082_1.nasl |
2011-02-11 | Name : CentOS Update for evolution28-pango CESA-2011:0180 centos4 i386 File : nvt/gb_CESA-2011_0180_evolution28-pango_centos4_i386.nasl |
2011-01-31 | Name : RedHat Update for pango RHSA-2011:0180-01 File : nvt/gb_RHSA-2011_0180-01_pango.nasl |
2010-06-25 | Name : Mandriva Update for pango MDVSA-2010:121 (pango) File : nvt/gb_mandriva_MDVSA_2010_121.nasl |
2010-03-22 | Name : CentOS Update for evolution28-pango CESA-2010:0140 centos4 i386 File : nvt/gb_CESA-2010_0140_evolution28-pango_centos4_i386.nasl |
2010-03-22 | Name : CentOS Update for pango CESA-2010:0140 centos3 i386 File : nvt/gb_CESA-2010_0140_pango_centos3_i386.nasl |
2010-03-22 | Name : RedHat Update for pango RHSA-2010:0140-01 File : nvt/gb_RHSA-2010_0140-01_pango.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
71247 | Pango pango/opentype/hb-buffer.c hb_buffer_ensure() Memory Corruption A memory corruption flaw exists in Pango. The 'hb_buffer_ensure()' function in 'pango/opentype/hb-buffer.c' fails to properly check the return value of memory reallocation operations, resulting in memory corruption. With specially crafted OpenType font data, a context-dependent attacker can execute arbitrary code. |
70596 | Pango pango/pangoft2-render.c pango_ft2_font_render_box_glyph() Function Over... Pango is prone to an overflow condition. The 'pango_ft2_font_render_box_glyph()' function in 'pango/pangoft2-render.c' fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted font, a context-dependent attacker can cause a denial of service. |
63090 | Pango pango/opentype/hb-ot-layout.cc hb_ot_layout_build_glyph_classes Functio... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_libpango-1_0-0-110301.nasl - Type : ACT_GATHER_INFO |
2014-05-19 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201405-13.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0140.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0309.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0180.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100315_pango_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110127_pango_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110301_pango_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_firefox3-pango-7459.nasl - Type : ACT_GATHER_INFO |
2011-05-23 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_firefox3-pango-7460.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libpango-1_0-0-110301.nasl - Type : ACT_GATHER_INFO |
2011-03-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_pango-110301.nasl - Type : ACT_GATHER_INFO |
2011-03-17 | Name : The remote Fedora host is missing a security update. File : fedora_2011-3194.nasl - Type : ACT_GATHER_INFO |
2011-03-04 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-040.nasl - Type : ACT_GATHER_INFO |
2011-03-03 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1082-1.nasl - Type : ACT_GATHER_INFO |
2011-03-03 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2178.nasl - Type : ACT_GATHER_INFO |
2011-03-02 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0309.nasl - Type : ACT_GATHER_INFO |
2011-02-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0180.nasl - Type : ACT_GATHER_INFO |
2011-02-04 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-020.nasl - Type : ACT_GATHER_INFO |
2011-01-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0180.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_pango-6895.nasl - Type : ACT_GATHER_INFO |
2010-06-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-121.nasl - Type : ACT_GATHER_INFO |
2010-05-19 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12614.nasl - Type : ACT_GATHER_INFO |
2010-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0140.nasl - Type : ACT_GATHER_INFO |
2010-04-15 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_pango-6894.nasl - Type : ACT_GATHER_INFO |
2010-03-22 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2019.nasl - Type : ACT_GATHER_INFO |
2010-03-17 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0140.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:58:22 |
|
2013-05-11 00:54:10 |
|