NVD

Id
7159  
Name
CVE-2011-0020  
Description
Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object.  
Reject
 
CVSS Version
2  
CVSS Score
7.6  
Severity
High  
CVSS Base Score
7.6  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
4.9  
CVSS Vector
(AV:N/AC:H/Au:N/C:C/I:C/A:C)  
Pub Date
2017-01-07  
Published
2011-01-24  
Modified Date
2014-02-11  
Seq
2011-0020  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
40119 7159 CVE-2011-0020 SUSE-SR:2011:005  View
40120 7159 CVE-2011-0020 [oss-security] 20110118 CVE request: heap corruption in libpango  View
40121 7159 CVE-2011-0020 [oss-security] 20110120 Re: CVE request: heap corruption in libpango  View
40122 7159 CVE-2011-0020 RHSA-2011:0180  View
40123 7159 CVE-2011-0020 45842  View
40124 7159 CVE-2011-0020 1024994  View
40125 7159 CVE-2011-0020 ADV-2011-0186  View
40126 7159 CVE-2011-0020 ADV-2011-0238  View
40127 7159 CVE-2011-0020 pango-pango-bo(64832)  View
40128 7159 CVE-2011-0020 https://bugs.launchpad.net/ubuntu/+source/pango1.0/+bug/696616  View
40129 7159 CVE-2011-0020 https://bugzilla.gnome.org/show_bug.cgi?id=639882  View
40130 7159 CVE-2011-0020 https://bugzilla.redhat.com/show_bug.cgi?id=671122  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
30901 JVNDB-2011-001140 Pango の pango_ft2_font_render_box_glyph 関数におけるヒープベースのバッファオーバーフローの脆弱性 Pango の libpango 内にある pango/pangoft2-render.c の pango_ft2_font_render_box_glyph 関数は、Freetype2 のバックエンドが有効な際、ヒープベースのバッファオーバーフローの脆弱性が存在します。 CVE-2011-0020 47927 CVE-2011-0020 7159 7.6 http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001140.html 2011-01-24 2011-02-28 View