6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.149 Low
EPSS
Percentile
95.2%
Pango is a library used for the layout and rendering of internationalized
text.
It was discovered that Pango did not check for memory reallocation failures
in the hb_buffer_ensure() function. An attacker able to trigger a
reallocation failure by passing sufficiently large input to an application
using Pango could use this flaw to crash the application or, possibly,
execute arbitrary code with the privileges of the user running the
application. (CVE-2011-0064)
Red Hat would like to thank the Mozilla Security Team for reporting this
issue.
All pango users should upgrade to these updated packages, which contain a
backported patch to correct this issue. After installing this update, you
must restart your system or restart the X server for the update to take
effect.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | ppc64 | pango-devel | < 1.28.1-3.el6_0.5 | pango-devel-1.28.1-3.el6_0.5.ppc64.rpm |
RedHat | 6 | s390 | pango-devel | < 1.28.1-3.el6_0.5 | pango-devel-1.28.1-3.el6_0.5.s390.rpm |
RedHat | 6 | s390 | pango-debuginfo | < 1.28.1-3.el6_0.5 | pango-debuginfo-1.28.1-3.el6_0.5.s390.rpm |
RedHat | 6 | ppc | pango | < 1.28.1-3.el6_0.5 | pango-1.28.1-3.el6_0.5.ppc.rpm |
RedHat | 6 | s390x | pango-devel | < 1.28.1-3.el6_0.5 | pango-devel-1.28.1-3.el6_0.5.s390x.rpm |
RedHat | 6 | s390 | pango | < 1.28.1-3.el6_0.5 | pango-1.28.1-3.el6_0.5.s390.rpm |
RedHat | 6 | x86_64 | pango-debuginfo | < 1.28.1-3.el6_0.5 | pango-debuginfo-1.28.1-3.el6_0.5.x86_64.rpm |
RedHat | 6 | i686 | pango-debuginfo | < 1.28.1-3.el6_0.5 | pango-debuginfo-1.28.1-3.el6_0.5.i686.rpm |
RedHat | 6 | x86_64 | pango | < 1.28.1-3.el6_0.5 | pango-1.28.1-3.el6_0.5.x86_64.rpm |
RedHat | 6 | s390x | pango-debuginfo | < 1.28.1-3.el6_0.5 | pango-debuginfo-1.28.1-3.el6_0.5.s390x.rpm |