363 matches found
new packages: pango
An update is available for pango. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Enterprise...
CVE-2019-1010238 affecting package pango for versions less than 1.45.5-1
CVE-2019-1010238 affecting package pango for versions less than 1.45.5-1. This CVE either no longer is or was never applicable...
Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize.
...
Mageia: Security Advisory (MGASA-2019-0235)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
ALEA-2021:4229 google-noto-emoji-fonts and pango bug fix and enhancement update
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...
google-noto-emoji-fonts and pango bug fix and enhancement update
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...
google-noto-emoji-fonts and pango bug fix and enhancement update
An update is available for google-noto-emoji-fonts, pango. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, s...
Advisory ROSA-SA-2021-1945
Software: pango 1.42.4 OS: Cobalt 7.9 CVE-ID: CVE-2020-17365 CVE-Crit: HIGH CVE-DESC: Incorrect directory permissions in the Hotspot Shield VPN client software for Windows 10.3.0 and earlier could allow an authorized user to potentially enable privilege escalation via local access. The...
SUSE: Security Advisory (SUSE-SU-2018:2763-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CentOS 8 : pango (CESA-2019:2582)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2019:2582 advisory. - pango: pangolog2visgetembeddinglevels heap-based buffer overflow CVE-2019-1010238 Note that Nessus has not tested for this issue but has instead relied only o...
Virtuozzo 7 : pango / pango-devel / pango-tests (VZLSA-2019-2571)
An update for pango is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
FreeBSD : pango -- buffer overflow (456375e1-cd09-11ea-9172-4c72b94353b5)
Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is : The heap based buffer overflow can be used to get code execution. The component is : function name: pangolog2visgetembeddinglevels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when...
openSUSE Security Update : cairo (openSUSE-2020-1003)
This update for cairo fixes the following issues : - Fix a memory corruption in pango. - Revert 'Correctly decode Adobe CMYK JPEGs in PDF export'. - Add more FreeeType font color conversions to support COLR/CPAL. - Fix crash when rendering Microsoft's Segoe UI Emoji Regular font. - Fix memory lea...
Amazon Linux 2 : fribidi (ALAS-2020-1434)
The version of fribidi installed on the remote host is prior to 1.0.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1434 advisory. A buffer overflow in the fribidigetparembeddinglevelsex function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an...
Unspecified Vulnerability in Pango AnchorFree VPN SDK
Pango AnchorFree VPN SDK is a VPN Virtual Private Network software development kit from Pango USA. A security vulnerability exists in Pango AnchorFree VPN SDK versions prior to 1.3.3.218. An attacker can exploit the vulnerability to execute malicious files with SYSTEM privileges...
Arbitrary Code Execution
pango is vulnerable to arbitrary code execution. The vulnerability exists as an input sanitization flaw, leading to a heap-based buffer overflow, was found in the way Pango displayed font files when using the FreeType font engine back end. If a user loaded a malformed font file with an applicatio...
Denial Of Service (DoS)
pango is vulnerable to denial of service. An input sanitization flaw, leading to an array index error, was found in the way the Pango font rendering library synthesized the Glyph Definition GDEF table from a font's character map and the Unicode property database. If an attacker created a...
Arbitrary Code Execution
pango is vulnerable to arbitrary code execution. The vulnerability exists as an integer overflow flaw in Pango's pangoglyphstringsetsize function. If an attacker is able to pass an arbitrarily long string to Pango, it may be possible to execute arbitrary code with the permissions of the applicati...
EulerOS Virtualization for ARM 64 3.0.6.0 : fribidi (EulerOS-SA-2020-1351)
According to the version of the fribidi package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - A buffer overflow in the fribidigetparembeddinglevelsex function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allow...
imagemagick: null-pointer dereference in function ReadPANGOImage in coders/pango.c and ReadVIDImage in coders/vid.c causing denial of service
A NULL pointer dereference in the function ReadPANGOImage in coders/pango.c and the function ReadVIDImage in coders/vid.c in ImageMagick 7.0.8-34 allows remote attackers to cause a denial of service via a crafted image...