Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
Name CVE-2011-3193 First vendor Publication 2012-06-15
Vendor Cve Last vendor Modification 2020-08-04

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3193

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-787 Out-of-bounds Write (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:21629
 
Oval ID: oval:org.mitre.oval:def:21629
Title: RHSA-2011:1326: pango security update (Moderate)
Description: Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
Family: unix Class: patch
Reference(s): RHSA-2011:1326-01
CESA-2011:1326
CVE-2011-3193
Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): pango
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22150
 
Oval ID: oval:org.mitre.oval:def:22150
Title: RHSA-2011:1324: qt4 security update (Moderate)
Description: Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
Family: unix Class: patch
Reference(s): RHSA-2011:1324-01
CESA-2011:1324
CVE-2007-0242
CVE-2011-3193
Version: 29
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): qt4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23280
 
Oval ID: oval:org.mitre.oval:def:23280
Title: ELSA-2011:1326: pango security update (Moderate)
Description: Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
Family: unix Class: patch
Reference(s): ELSA-2011:1326-01
CVE-2011-3193
Version: 6
Platform(s): Oracle Linux 5
Product(s): pango
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23408
 
Oval ID: oval:org.mitre.oval:def:23408
Title: ELSA-2011:1324: qt4 security update (Moderate)
Description: Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
Family: unix Class: patch
Reference(s): ELSA-2011:1324-01
CVE-2007-0242
CVE-2011-3193
Version: 13
Platform(s): Oracle Linux 5
Product(s): qt4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27393
 
Oval ID: oval:org.mitre.oval:def:27393
Title: DEPRECATED: ELSA-2011-1326 -- pango security update (moderate)
Description: [1.14.9.8.0.1.el5_7.3] - Bump release [1.14.9.8.el5_1.3] - Prevent buffer overflow errors in harfbuzz module (CVE-2011-3193) - Resolves: #737819
Family: unix Class: patch
Reference(s): ELSA-2011-1326
CVE-2011-3193
Version: 4
Platform(s): Oracle Linux 5
Product(s): pango
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28061
 
Oval ID: oval:org.mitre.oval:def:28061
Title: DEPRECATED: ELSA-2011-1324 -- qt4 security update (moderate)
Description: [4.2.1-1.1] - Resolves: #737815, qt/harfbuzz buffer overflow, CVE-2011-3193 - Resolves: #234633, UTF-8 overlong sequence decoding vulnerability, CVE-2007-0242
Family: unix Class: patch
Reference(s): ELSA-2011-1324
CVE-2007-0242
CVE-2011-3193
Version: 4
Platform(s): Oracle Linux 5
Product(s): qt4
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 35
Application 103
Os 2
Os 2
Os 3
Os 1
Os 3
Os 3

OpenVAS Exploits

Date Description
2012-07-30 Name : CentOS Update for qt4 CESA-2011:1324 centos5 x86_64
File : nvt/gb_CESA-2011_1324_qt4_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for evolution28-pango CESA-2011:1325 centos4 x86_64
File : nvt/gb_CESA-2011_1325_evolution28-pango_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for pango CESA-2011:1326 centos5 x86_64
File : nvt/gb_CESA-2011_1326_pango_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for frysk CESA-2011:1327 centos4 x86_64
File : nvt/gb_CESA-2011_1327_frysk_centos4_x86_64.nasl
2012-07-16 Name : Ubuntu Update for qt4-x11 USN-1504-1
File : nvt/gb_ubuntu_USN_1504_1.nasl
2012-07-09 Name : RedHat Update for qt RHSA-2011:1323-01
File : nvt/gb_RHSA-2011_1323-01_qt.nasl
2011-09-23 Name : CentOS Update for qt4 CESA-2011:1324 centos5 i386
File : nvt/gb_CESA-2011_1324_qt4_centos5_i386.nasl
2011-09-23 Name : CentOS Update for evolution28-pango CESA-2011:1325 centos4 i386
File : nvt/gb_CESA-2011_1325_evolution28-pango_centos4_i386.nasl
2011-09-23 Name : CentOS Update for pango CESA-2011:1326 centos5 i386
File : nvt/gb_CESA-2011_1326_pango_centos5_i386.nasl
2011-09-23 Name : CentOS Update for frysk CESA-2011:1327 centos4 i386
File : nvt/gb_CESA-2011_1327_frysk_centos4_i386.nasl
2011-09-23 Name : RedHat Update for qt4 RHSA-2011:1324-01
File : nvt/gb_RHSA-2011_1324-01_qt4.nasl
2011-09-23 Name : RedHat Update for evolution28-pango RHSA-2011:1325-01
File : nvt/gb_RHSA-2011_1325-01_evolution28-pango.nasl
2011-09-23 Name : RedHat Update for pango RHSA-2011:1326-01
File : nvt/gb_RHSA-2011_1326-01_pango.nasl
2011-09-23 Name : RedHat Update for frysk RHSA-2011:1327-01
File : nvt/gb_RHSA-2011_1327-01_frysk.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
75652 Qt src/3rdparty/harfbuzz/src/harfbuzz-gpos.c Font Handling Overflow

Nessus® Vulnerability Scanner

Date Description
2015-03-26 Name : The remote Debian host is missing a security update.
File : debian_DLA-117.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_libQtWebKit-devel-110908.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_libQtWebKit-devel-110908.nasl - Type : ACT_GATHER_INFO
2013-11-25 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201311-14.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-1326.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2011-1327.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-1325.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-1324.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-1323.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110921_qt_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110921_qt4_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110921_pango_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110921_frysk_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110921_evolution28_pango_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-07-12 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1504-1.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libQtWebKit-devel-110908.nasl - Type : ACT_GATHER_INFO
2011-09-23 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-1325.nasl - Type : ACT_GATHER_INFO
2011-09-23 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2011-1327.nasl - Type : ACT_GATHER_INFO
2011-09-22 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1328.nasl - Type : ACT_GATHER_INFO
2011-09-22 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2011-1327.nasl - Type : ACT_GATHER_INFO
2011-09-22 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1326.nasl - Type : ACT_GATHER_INFO
2011-09-22 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1325.nasl - Type : ACT_GATHER_INFO
2011-09-22 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1324.nasl - Type : ACT_GATHER_INFO
2011-09-22 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1323.nasl - Type : ACT_GATHER_INFO
2011-09-22 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-1326.nasl - Type : ACT_GATHER_INFO
2011-09-22 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-1324.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/49723
CONFIRM http://cgit.freedesktop.org/harfbuzz.old/commit/?id=81c8ef785b079980ad5b46be4...
https://qt.gitorious.org/qt/qt/commit/9ae6f2f9a57f0c3096d5785913e437953fa6775c
MISC http://cgit.freedesktop.org/harfbuzz/commit/src/harfbuzz-gpos.c?id=da2c52abcd...
http://git.gnome.org/browse/pango/commit/pango/opentype/harfbuzz-gpos.c?id=a7...
MLIST http://www.openwall.com/lists/oss-security/2011/08/22/6
http://www.openwall.com/lists/oss-security/2011/08/24/8
http://www.openwall.com/lists/oss-security/2011/08/25/1
OSVDB http://www.osvdb.org/75652
REDHAT http://rhn.redhat.com/errata/RHSA-2011-1323.html
http://rhn.redhat.com/errata/RHSA-2011-1324.html
http://rhn.redhat.com/errata/RHSA-2011-1325.html
http://rhn.redhat.com/errata/RHSA-2011-1326.html
http://rhn.redhat.com/errata/RHSA-2011-1327.html
http://rhn.redhat.com/errata/RHSA-2011-1328.html
SECUNIA http://secunia.com/advisories/41537
http://secunia.com/advisories/46117
http://secunia.com/advisories/46118
http://secunia.com/advisories/46119
http://secunia.com/advisories/46128
http://secunia.com/advisories/46371
http://secunia.com/advisories/46410
http://secunia.com/advisories/49895
SUSE http://lists.opensuse.org/opensuse-updates/2011-10/msg00007.html
http://lists.opensuse.org/opensuse-updates/2011-10/msg00008.html
https://hermes.opensuse.org/messages/12056605
UBUNTU http://www.ubuntu.com/usn/USN-1504-1
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/69991

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
Date Informations
2020-08-04 17:22:46
  • Multiple Updates
2020-05-23 01:46:32
  • Multiple Updates
2020-05-23 00:30:58
  • Multiple Updates
2017-08-29 09:23:30
  • Multiple Updates
2016-06-28 18:48:10
  • Multiple Updates
2016-04-26 21:01:57
  • Multiple Updates
2015-03-27 13:27:49
  • Multiple Updates
2014-06-14 13:31:30
  • Multiple Updates
2014-02-17 11:04:45
  • Multiple Updates
2013-05-10 23:06:17
  • Multiple Updates
2013-02-07 21:20:54
  • Multiple Updates