Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2011-0064
HistoryMar 07, 2011 - 9:00 p.m.

CVE-2011-0064

2011-03-0721:00:00
NVD-CWE-Other
[email protected]
web.nvd.nist.gov
35
cve-2011-0064
harfbuzz
pango
firefox
nvd
memory reallocations
denial of service
null pointer dereference
application crash
opentype font data
arbitrary code

7.6 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.136 Low

EPSS

Percentile

95.6%

JSON

The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index.

References

Related

openvas 10
debian 1
fedora 1
nessus 11
ubuntucve 1
redhat 1
oraclelinux 1
securityvulns 3
debiancve 1
prion 1
ubuntu 1
gentoo 1
rosalinux 1
openvas
openvas
Fedora Update for pango FEDORA-2011-3194
2011-03-24 00:00:00
Debian: Security Advisory (DSA-2178-1)
2011-03-09 00:00:00
Oracle: Security Advisory (ELSA-2011-0309)
2015-10-06 00:00:00
debian
debian
[SECURITY] [DSA 2178-1] pango1.0 security update
2011-03-02 20:11:06
fedora
fedora
[SECURITY] Fedora 14 Update: pango-1.28.1-5.fc14
2011-03-16 19:54:59
nessus
nessus
Debian DSA-2178-1 : pango1.0 - NULL pointer dereference
2011-03-03 00:00:00
Fedora 14 : pango-1.28.1-5.fc14 (2011-3194)
2011-03-17 00:00:00
Scientific Linux Security Update : pango on SL6.x i386/x86_64
2012-08-01 00:00:00
ubuntucve
ubuntucve
CVE-2011-0064
2011-03-01 00:00:00
redhat
redhat
(RHSA-2011:0309) Critical: pango security update
2011-03-01 00:00:00
oraclelinux
oraclelinux
pango security update
2011-03-01 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 2178-1] pango1.0 security update
2011-03-03 00:00:00
Pango library NULL pointer dereference
2011-03-03 00:00:00
ESA-2015-002: Unisphere Central Security Update for Multiple Vulnerabilities
2015-02-02 00:00:00
debiancve
debiancve
CVE-2011-0064
2011-03-07 21:00:00
prion
prion
Null pointer dereference
2011-03-07 21:00:00
ubuntu
ubuntu
Pango vulnerabilities
2011-03-02 00:00:00
gentoo
gentoo
Pango: Multiple vulnerabilities
2014-05-17 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2371
2024-03-12 12:37:38

7.6 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.136 Low

EPSS

Percentile

95.6%

JSON
Related for CVE-2011-0064
openvas10debian1fedora1nessus11ubuntucve1redhat1oraclelinux1securityvulns3debiancve1prion1ubuntu1gentoo1rosalinux1