Lucene search
K
GnomePango

6 matches found

CVE
CVE
added 2019/07/19 4:42 p.m.391 views

CVE-2019-1010238

CVE-2019-1010238 affects Gnome Pango 1.42 and later. The vulnerability is a heap-based buffer overflow in pango_log2vis_get_embedding_levels (involving nchars assignment and the loop condition), exploitable when applications pass invalid UTF-8 strings to functions like pango_itemize. Impact state...

9.8CVSS9.7AI score0.06274EPSS
CVE
CVE
added 2018/08/24 7:0 p.m.270 views

CVE-2018-15120

The CVE-2018-15120 entry concerns libpango in Pango 1.40.8–1.42.3 where crafted text with invalid Unicode sequences can cause a denial of service (application crash) and potentially other impacts. Public sources (e.g., CNVD, CNVD-2018-17885) indicate the fix is in Pango 1.42.4 and later. Related ...

6.5CVSS7AI score0.11499EPSS
CVE
CVE
added 2011/03/07 8:0 p.m.129 views

CVE-2011-0064

The CVE-2011-0064 issue affects HarfBuzz’s hb_buffer_ensure() as used by Pango (notably in Pango 1.28.3) and other products, where memory reallocations are not verified, potentially causing a NULL pointer dereference leading to a crash or, via crafted OpenType data triggering an incorrect index, ...

6.8CVSS7.8AI score0.03333EPSS
CVE
CVE
added 2012/06/16 12:0 a.m.117 views

CVE-2011-3193

CVE-2011-3193 is a heap-based buffer overflow in HarfBuzz’s Lookup_MarkMarkPos (harfbuzz-gpos.c) as used by Qt before 4.7.4 and Pango, allowing remote crashes and potential code execution via a crafted font. Remediation cited in advisories: upgrade to Qt 4.7.4+ and updated Pango/Harfbuzz where fi...

9.3CVSS7.8AI score0.07543EPSS
CVE
CVE
added 2010/03/18 5:12 p.m.98 views

CVE-2010-0421

CVE-2010-0421 affects Pango up to version 1.27.1, where an array index error in hb_ot_layout_build_glyph_classes during synthetic GDEF table construction from a font can crash an application (DoS) when processing a crafted font. Affected component: Pango/OpenType GDEF synthesis path. Root cause: ...

4.3CVSS6AI score0.02469EPSS
CVE
CVE
added 2011/01/24 5:0 p.m.87 views

CVE-2011-0020

CVE-2011-0020: Heap-based buffer overflow in Pango’s FreeType2 path (pango_ft2_font_render_box_glyph in libpango, older than or equal to 1.28.3) can crash the target application or allow arbitrary code execution via a crafted font. Affected products include libpango packages built with the FreeTy...

7.6CVSS8.2AI score0.18944EPSS