Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mozillaMozilla FoundationMFSA2009-36
HistoryJul 21, 2009 - 12:00 a.m.

Heap/integer overflows in font glyph rendering libraries — Mozilla

2009-07-2100:00:00
Mozilla Foundation
www.mozilla.org
10

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.081 Low

EPSS

Percentile

94.3%

JSON

oCERT security researcher Will Drewry reported a series of heap and integer overflow vulnerabilities which independently affected multiple font glyph rendering libraries. On Linux platforms libpango was susceptible to the vulnerabilities while on OS X CoreGraphics was similarly vulnerable. An attacker could trigger these overflows by constructing a very large text run for the browser to display. Such an overflow can result in a crash which the attacker could potentially use to run arbitrary code on a victim’s computer.

CPENameOperatorVersion
firefoxlt3.0.12
firefoxlt3.5

Related

securityvulns 4
cve 2
prion 2
openvas 43
gentoo 1
nessus 31
veracode 1
debian 1
freebsd 1
oraclelinux 1
ubuntucve 1
debiancve 1
centos 1
redhat 1
ubuntu 1
seebug 1
suse 2
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2009-36
2009-07-22 00:00:00
Pango library integer overflow
2009-05-07 00:00:00
[oCERT-2009-001] Pango integer overflow in heap allocation size calculations
2009-05-07 00:00:00
cve
cve
CVE-2009-2468
2009-07-22 18:30:00
CVE-2009-1194
2009-05-11 15:30:00
prion
prion
Integer overflow
2009-07-22 18:30:00
Integer overflow
2009-05-11 15:30:00
openvas
openvas
Gentoo Security Advisory GLSA 201405-13
2015-09-29 00:00:00
Mandrake Security Advisory MDVSA-2009:175 (pango)
2009-08-17 00:00:00
Mandriva Security Advisory MDVSA-2009:158-2 (pango)
2009-11-23 00:00:00
gentoo
gentoo
Pango: Multiple vulnerabilities
2014-05-17 00:00:00
nessus
nessus
GLSA-201405-13 : Pango: Multiple vulnerabilities
2014-05-19 00:00:00
SuSE 11 Security Update : pango (SAT Patch Number 825)
2009-09-24 00:00:00
Mandriva Linux Security Advisory : pango (MDVSA-2009:158-3)
2009-07-24 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:34:28
debian
debian
[SECURITY] [DSA 1798-1] New pango1.0 packages fix arbitrary code execution
2009-05-10 09:29:15
freebsd
freebsd
pango -- integer overflow
2009-02-22 00:00:00
oraclelinux
oraclelinux
pango security update
2009-05-08 00:00:00
ubuntucve
ubuntucve
CVE-2009-1194
2009-05-11 00:00:00
debiancve
debiancve
CVE-2009-1194
2009-05-11 15:30:00
centos
centos
evolution28, pango security update
2009-05-08 21:06:55
redhat
redhat
(RHSA-2009:0476) Important: pango security update
2009-05-08 00:00:00
ubuntu
ubuntu
Pango vulnerability
2009-05-07 00:00:00
seebug
seebug
Mozilla Firefox MFSA存在多个安全漏洞
2009-07-24 00:00:00
suse
suse
remote code execution in MozillaFirefox
2009-07-27 13:06:57
remote code execution in MozillaFirefox
2009-08-06 11:30:16

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.081 Low

EPSS

Percentile

94.3%

JSON
Related for MFSA2009-36
securityvulns4cve2prion2openvas43gentoo1nessus31veracode1debian1freebsd1oraclelinux1ubuntucve1debiancve1centos1redhat1ubuntu1seebug1suse2