Buffer overflow in Gnome Pango
CVE-2011-3193
Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code…
Vulnerability class: Buffer Overflow
EPSS: 0.075 (93.7th percentile)
Affected products
- Gnome Pango
- Qt
- Canonical Ubuntu Linux — versions 10.04, 11.04
- openSUSE — versions 11.3, 11.4
- Red Hat Enterprise Linux Desktop — versions 4.0, 5.0, 6.0
- Red Hat Enterprise Linux EUS — version 6.1
- Red Hat Enterprise Linux Server — versions 4.0, 5.0, 6.0
- Red Hat Enterprise Linux Workstation — versions 4.0, 5.0, 6.0
Weakness classification (CWE)