History: Jan 11, 2011 - 3:00 a.m.

CVE-2010-3444

2011-01-11 03:00:01
CWE-119
redhat
web.nvd.nist.gov
cve
buffer overflow
log2vis_utf8 function
gnu fribidi
pyfribidi
nvd
security vulnerability
denial of service
remote code execution

CVSS2: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AI Score: 7.7
Confidence: Low

EPSS: 0.228
Percentile: 96.5%

Buffer overflow in the log2vis_utf8 function in pyfribidi.c in GNU FriBidi 0.19.1, 0.19.2, and possibly other versions, as used in PyFriBidi 0.10.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Arabic UTF-8 string that causes original 2-byte UTF-8 sequences to be transformed into 3-byte sequences.

Affected configurations

Nvd
Node
fribidi gnu_fribidi Match 0.19.1
OR
fribidi gnu_fribidi Match 0.19.2
AND
kobi_zamir pyfribidi Match 0.10.1

Vendor      Product      Version  CPE
fribidi     gnu_fribidi  0.19.1   cpe:2.3:a:fribidi:gnu_fribidi:0.19.1:*:*:*:*:*:*:*
fribidi     gnu_fribidi  0.19.2   cpe:2.3:a:fribidi:gnu_fribidi:0.19.2:*:*:*:*:*:*:*
kobi_zamir  pyfribidi    0.10.1   cpe:2.3:a:kobi_zamir:pyfribidi:0.10.1:*:*:*:*:*:*:*
