Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-1082-1
HistoryMar 02, 2011 - 12:00 a.m.

Pango vulnerabilities

2011-03-0200:00:00
ubuntu.com
37

7.6 High

AI Score

Confidence

Low

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.186 Low

EPSS

Percentile

96.2%

JSON

Releases

  • Ubuntu 10.10
  • Ubuntu 10.04
  • Ubuntu 9.10
  • Ubuntu 8.04

Packages

  • pango1.0 -

Details

Marc Schoenefeld discovered that Pango incorrectly handled certain Glyph
Definition (GDEF) tables. If a user were tricked into displaying text with
a specially-crafted font, an attacker could cause Pango to crash, resulting
in a denial of service. This issue only affected Ubuntu 8.04 LTS and 9.10.
(CVE-2010-0421)

Dan Rosenberg discovered that Pango incorrectly handled certain FT_Bitmap
objects. If a user were tricked into displaying text with a specially-
crafted font, an attacker could cause a denial of service or execute
arbitrary code with privileges of the user invoking the program. The
default compiler options for affected releases should reduce the
vulnerability to a denial of service. (CVE-2011-0020)

It was discovered that Pango incorrectly handled certain memory
reallocation failures. If a user were tricked into displaying text in a way
that would cause a reallocation failure, an attacker could cause a denial
of service or execute arbitrary code with privileges of the user invoking
the program. This issue only affected Ubuntu 9.10, 10.04 LTS and 10.10.
(CVE-2011-0064)

OSVersionArchitecturePackageVersionFilename
Ubuntu9.10noarchlibpango1.0-0< 1.26.0-1ubuntu0.1UNKNOWN
Ubuntu9.10noarchlibpango1.0-0-dbg< 1.26.0-1ubuntu0.1UNKNOWN
Ubuntu9.10noarchlibpango1.0-dev< 1.26.0-1ubuntu0.1UNKNOWN
Ubuntu9.10noarchlibpango1.0-udeb< 1.26.0-1ubuntu0.1UNKNOWN
Ubuntu8.04noarchlibpango1.0-0< 1.20.5-0ubuntu1.2UNKNOWN
Ubuntu8.04noarchlibpango1.0-0-dbg< 1.20.5-0ubuntu1.2UNKNOWN
Ubuntu8.04noarchlibpango1.0-dev< 1.20.5-0ubuntu1.2UNKNOWN
Ubuntu8.04noarchlibpango1.0-udeb< 1.20.5-0ubuntu1.2UNKNOWN
Ubuntu10.10noarchgir1.0-pango-1.0< 1.28.2-0ubuntu1.1UNKNOWN
Ubuntu10.10noarchlibpango1.0-0< 1.28.2-0ubuntu1.1UNKNOWN
Rows per page:
1-10 of 181

Related

openvas 29
nessus 27
gentoo 1
veracode 2
cve 3
redhat 3
centos 2
debiancve 3
prion 3
ubuntucve 3
debian 3
oraclelinux 3
securityvulns 7
osv 1
fedora 1
rosalinux 1
openvas
openvas
Ubuntu: Security Advisory (USN-1082-1)
2011-03-07 00:00:00
Ubuntu Update for pango1.0 vulnerabilities USN-1082-1
2011-03-07 00:00:00
Gentoo Security Advisory GLSA 201405-13
2015-09-29 00:00:00
nessus
nessus
Ubuntu 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : pango1.0 vulnerabilities (USN-1082-1)
2011-03-03 00:00:00
openSUSE Security Update : libpango-1_0-0 (openSUSE-SU-2011:0221-1)
2014-06-13 00:00:00
openSUSE Security Update : libpango-1_0-0 (openSUSE-SU-2011:0221-1)
2011-05-05 00:00:00
gentoo
gentoo
Pango: Multiple vulnerabilities
2014-05-17 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:40:49
Arbitrary Code Execution
2020-04-10 00:59:27
cve
cve
CVE-2010-0421
2010-03-18 17:30:00
CVE-2011-0064
2011-03-07 21:00:00
CVE-2011-0020
2011-01-24 18:00:00
redhat
redhat
(RHSA-2011:0180) Moderate: pango security update
2011-01-27 00:00:00
(RHSA-2011:0309) Critical: pango security update
2011-03-01 00:00:00
(RHSA-2010:0140) Moderate: pango security update
2010-03-15 00:00:00
centos
centos
evolution28 security update
2011-02-04 10:45:23
evolution28, pango security update
2010-03-16 13:01:20
debiancve
debiancve
CVE-2011-0020
2011-01-24 18:00:00
CVE-2010-0421
2010-03-18 17:30:00
CVE-2011-0064
2011-03-07 21:00:00
prion
prion
Heap overflow
2011-01-24 18:00:00
Design/Logic Flaw
2010-03-18 17:30:00
Null pointer dereference
2011-03-07 21:00:00
ubuntucve
ubuntucve
CVE-2011-0020
2011-01-24 00:00:00
CVE-2010-0421
2010-03-18 00:00:00
CVE-2011-0064
2011-03-01 00:00:00
debian
debian
[SECURITY] [DSA-2019-1] New pango1.0 packages fix denial of service
2010-03-20 09:42:01
[SECURITY] [DSA-2019-1] New pango1.0 packages fix denial of service
2010-03-20 09:41:28
[SECURITY] [DSA 2178-1] pango1.0 security update
2011-03-02 20:11:06
oraclelinux
oraclelinux
pango security update
2011-03-01 00:00:00
pango security update
2010-03-15 00:00:00
pango security update
2011-01-27 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 2178-1] pango1.0 security update
2011-03-03 00:00:00
[SECURITY] [DSA-2019-1] New pango1.0 packages fix denial of service
2010-03-23 00:00:00
Pango library array index overflow
2010-03-23 00:00:00
osv
osv
pango1.0 - denial of service
2010-03-20 00:00:00
fedora
fedora
[SECURITY] Fedora 14 Update: pango-1.28.1-5.fc14
2011-03-16 19:54:59
rosalinux
rosalinux
Advisory ROSA-SA-2024-2371
2024-03-12 12:37:38

7.6 High

AI Score

Confidence

Low

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.186 Low

EPSS

Percentile

96.2%

JSON
Related for USN-1082-1
openvas29nessus27gentoo1veracode2cve3redhat3centos2debiancve3prion3ubuntucve3debian3oraclelinux3securityvulns7osv1fedora1rosalinux1