Lucene search

K

[email protected]CVE-2009-1194

HistoryMay 11, 2009 - 3:30 p.m.

CVE-2009-1194

2009-05-1115:30:00

CWE-189

[email protected]

web.nvd.nist.gov

44

cve-2009-1194

integer overflow

pango

buffer overflow

denial of service

arbitrary code execution

nvd

7.7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

72.3%

Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow, as demonstrated by a long document.location value in Firefox.

CPENameOperatorVersion
pango:pangopangoeq1.6
pango:pangopangoeq1.14
pango:pangopangoeq1.16
pango:pangopangoeq1.8
pango:pangopangoeq1.4
pango:pangopangole1.22
pango:pangopangoeq1.10
pango:pangopangoeq1.2
pango:pangopangoeq1.18
pango:pangopangoeq1.12

Rows per page:

1-10 of 111

References

github.com/bratsche/pango/commit/4de30e5500eaeb49f4bf0b7a07f718e149a2ed5e

lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html

lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html

lists.opensuse.org/opensuse-security-announce/2009-08/msg00002.html

osvdb.org/54279

secunia.com/advisories/35018

secunia.com/advisories/35021

secunia.com/advisories/35027

secunia.com/advisories/35038

secunia.com/advisories/35685

secunia.com/advisories/35914

secunia.com/advisories/36005

secunia.com/advisories/36145

sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1

www.debian.org/security/2009/dsa-1798

www.mozilla.org/security/announce/2009/mfsa2009-36.html

www.ocert.org/advisories/ocert-2009-001.html

www.openwall.com/lists/oss-security/2009/05/07/1

www.redhat.com/support/errata/RHSA-2009-0476.html

www.securityfocus.com/archive/1/503349/100/0/threaded

www.securityfocus.com/bid/34870

www.securityfocus.com/bid/35758

www.securitytracker.com/id?1022196

www.ubuntu.com/usn/USN-773-1

www.vupen.com/english/advisories/2009/1269

www.vupen.com/english/advisories/2009/1972

bugzilla.mozilla.org/show_bug.cgi?id=480134

bugzilla.redhat.com/show_bug.cgi?id=496887

exchange.xforce.ibmcloud.com/vulnerabilities/50397

launchpad.net/bugs/cve/2009-1194

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10137

7.7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

72.3%

Related for CVE-2009-1194

openvas37 nessus26 veracode1 securityvulns4 debian1 freebsd1 oraclelinux1 ubuntucve1 debiancve1 centos1 redhat1 ubuntu1 prion2 cve1 mozilla1 gentoo1 suse2 seebug1