This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Pango First view 2009-05-11
Product Pango Last view 2011-01-24
Version 0.23 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:pango:pango

Activity : Overall

Related : CVE

  Date Alert Description
7.6 2011-01-24 CVE-2011-0020

Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object.
6.8 2009-05-11 CVE-2009-1194

Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow, as demonstrated by a long document.location value in Firefox.

CWE : Common Weakness Enumeration

%idName
50% (1) CWE-189 Numeric Errors
50% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

Open Source Vulnerability Database (OSVDB)

id Description
70596 Pango pango/pangoft2-render.c pango_ft2_font_render_box_glyph() Function Over...
54279 Pango pango/glyphstring.c pango_glyph_string_set_size Function Overflow

OpenVAS Exploits

id Description
2012-07-30 Name : CentOS Update for evolution28-pango CESA-2011:0180 centos4 x86_64
File : nvt/gb_CESA-2011_0180_evolution28-pango_centos4_x86_64.nasl
2011-08-09 Name : CentOS Update for evolution28-pango CESA-2009:0476 centos4 i386
File : nvt/gb_CESA-2009_0476_evolution28-pango_centos4_i386.nasl
2011-08-09 Name : CentOS Update for pango CESA-2009:0476 centos3 i386
File : nvt/gb_CESA-2009_0476_pango_centos3_i386.nasl
2011-08-09 Name : CentOS Update for pango CESA-2009:0476 centos5 i386
File : nvt/gb_CESA-2009_0476_pango_centos5_i386.nasl
2011-03-07 Name : Ubuntu Update for pango1.0 vulnerabilities USN-1082-1
File : nvt/gb_ubuntu_USN_1082_1.nasl
2011-02-11 Name : CentOS Update for evolution28-pango CESA-2011:0180 centos4 i386
File : nvt/gb_CESA-2011_0180_evolution28-pango_centos4_i386.nasl
2011-01-31 Name : RedHat Update for pango RHSA-2011:0180-01
File : nvt/gb_RHSA-2011_0180-01_pango.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:158-3 (pango)
File : nvt/mdksa_2009_158_3.nasl
2009-11-23 Name : Mandriva Security Advisory MDVSA-2009:158-2 (pango)
File : nvt/mdksa_2009_158_2.nasl
2009-11-17 Name : Mandriva Security Advisory MDVSA-2009:158-1 (pango)
File : nvt/mdksa_2009_158_1.nasl
2009-10-11 Name : SLES11: Security update for pango
File : nvt/sles11_pango.nasl
2009-10-11 Name : SLES11: Security update for MozillaFirefox
File : nvt/sles11_MozillaFirefox4.nasl
2009-08-17 Name : Mandrake Security Advisory MDVSA-2009:175 (pango)
File : nvt/mdksa_2009_175.nasl
2009-07-29 Name : SuSE Security Advisory SUSE-SA:2009:039 (MozillaFirefox)
File : nvt/suse_sa_2009_039.nasl
2009-07-06 Name : SuSE Security Summary SUSE-SR:2009:012
File : nvt/suse_sr_2009_012.nasl
2009-06-05 Name : Ubuntu USN-771-1 (libmodplug)
File : nvt/ubuntu_771_1.nasl
2009-06-05 Name : Ubuntu USN-772-1 (mpfr)
File : nvt/ubuntu_772_1.nasl
2009-06-05 Name : Ubuntu USN-773-1 (pango1.0)
File : nvt/ubuntu_773_1.nasl
2009-05-22 Name : Pango Integer Buffer Overflow Vulnerability
File : nvt/secpod_pango_bof_vuln.nasl
2009-05-20 Name : FreeBSD Ports: pango, linux-pango, linux-f8-pango
File : nvt/freebsd_pango.nasl
2009-05-11 Name : CentOS Security Advisory CESA-2009:0476 (pango)
File : nvt/ovcesa2009_0476.nasl
2009-05-11 Name : Debian Security Advisory DSA 1798-1 (pango1.0)
File : nvt/deb_1798_1.nasl
2009-05-11 Name : RedHat Security Advisory RHSA-2009:0476
File : nvt/RHSA_2009_0476.nasl

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: suse_11_3_libpango-1_0-0-110301.nasl - Type: ACT_GATHER_INFO
2014-05-19 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201405-13.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2009-1162.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2011-0180.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2009-0476.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20090508_pango_on_SL3_x.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20110127_pango_on_SL4_x.nasl - Type: ACT_GATHER_INFO
2011-12-13 Name: The remote SuSE 10 host is missing a security-related patch.
File: suse_firefox3-pango-7459.nasl - Type: ACT_GATHER_INFO
2011-05-23 Name: The remote SuSE 10 host is missing a security-related patch.
File: suse_firefox3-pango-7460.nasl - Type: ACT_GATHER_INFO
2011-05-05 Name: The remote openSUSE host is missing a security update.
File: suse_11_2_libpango-1_0-0-110301.nasl - Type: ACT_GATHER_INFO
2011-03-24 Name: The remote SuSE 11 host is missing one or more security updates.
File: suse_11_pango-110301.nasl - Type: ACT_GATHER_INFO
2011-03-03 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-1082-1.nasl - Type: ACT_GATHER_INFO
2011-02-06 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2011-0180.nasl - Type: ACT_GATHER_INFO
2011-02-04 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2011-020.nasl - Type: ACT_GATHER_INFO
2011-01-28 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2011-0180.nasl - Type: ACT_GATHER_INFO
2010-10-21 Name: The remote SuSE 10 host is missing a security-related patch.
File: suse_firefox3-pango-7097.nasl - Type: ACT_GATHER_INFO
2010-10-11 Name: The remote SuSE 10 host is missing a security-related patch.
File: suse_pango-6800.nasl - Type: ACT_GATHER_INFO
2010-02-15 Name: The remote openSUSE host is missing a security update.
File: suse_11_0_pango-100119.nasl - Type: ACT_GATHER_INFO
2010-02-15 Name: The remote openSUSE host is missing a security update.
File: suse_11_1_pango-100119.nasl - Type: ACT_GATHER_INFO
2010-02-12 Name: The remote SuSE 10 host is missing a security-related patch.
File: suse_pango-6801.nasl - Type: ACT_GATHER_INFO
2010-02-12 Name: The remote SuSE 11 host is missing one or more security updates.
File: suse_11_pango-100127.nasl - Type: ACT_GATHER_INFO
2010-02-12 Name: The remote SuSE 9 host is missing a security-related patch.
File: suse9_12575.nasl - Type: ACT_GATHER_INFO
2010-01-06 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2009-1162.nasl - Type: ACT_GATHER_INFO
2009-10-06 Name: The remote openSUSE host is missing a security update.
File: suse_MozillaFirefox-6379.nasl - Type: ACT_GATHER_INFO
2009-09-24 Name: The remote SuSE 11 host is missing one or more security updates.
File: suse_11_MozillaFirefox-090724.nasl - Type: ACT_GATHER_INFO