6 matches found
CVE-2019-1010238
CVE-2019-1010238 affects Gnome Pango 1.42 and later. The vulnerability is a heap-based buffer overflow in pango_log2vis_get_embedding_levels (involving nchars assignment and the loop condition), exploitable when applications pass invalid UTF-8 strings to functions like pango_itemize. Impact state...
CVE-2018-15120
The CVE-2018-15120 entry concerns libpango in Pango 1.40.8–1.42.3 where crafted text with invalid Unicode sequences can cause a denial of service (application crash) and potentially other impacts. Public sources (e.g., CNVD, CNVD-2018-17885) indicate the fix is in Pango 1.42.4 and later. Related ...
CVE-2011-0064
The CVE-2011-0064 issue affects HarfBuzz’s hb_buffer_ensure() as used by Pango (notably in Pango 1.28.3) and other products, where memory reallocations are not verified, potentially causing a NULL pointer dereference leading to a crash or, via crafted OpenType data triggering an incorrect index, ...
CVE-2011-3193
CVE-2011-3193 is a heap-based buffer overflow in HarfBuzz’s Lookup_MarkMarkPos (harfbuzz-gpos.c) as used by Qt before 4.7.4 and Pango, allowing remote crashes and potential code execution via a crafted font. Remediation cited in advisories: upgrade to Qt 4.7.4+ and updated Pango/Harfbuzz where fi...
CVE-2010-0421
CVE-2010-0421 affects Pango up to version 1.27.1, where an array index error in hb_ot_layout_build_glyph_classes during synthetic GDEF table construction from a font can crash an application (DoS) when processing a crafted font. Affected component: Pango/OpenType GDEF synthesis path. Root cause: ...
CVE-2011-0020
CVE-2011-0020: Heap-based buffer overflow in Pango’s FreeType2 path (pango_ft2_font_render_box_glyph in libpango, older than or equal to 1.28.3) can crash the target application or allow arbitrary code execution via a crafted font. Affected products include libpango packages built with the FreeTy...