cvelistv5 - cve-2011-0020

CVE-2011-0020 (GCVE-0-2011-0020)

Vulnerability from cvelistv5

Published

2011-01-24 17:00

Modified

2024-08-06 21:43

Severity ?

CWE

Summary

Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object.

References

URL

Tags

	https://bugzilla.redhat.com/show_bug.cgi?id=671122	x_refsource_CONFIRM
	https://bugzilla.gnome.org/show_bug.cgi?id=639882	x_refsource_MISC
	https://bugs.launchpad.net/ubuntu/+source/pango1.0/+bug/696616	x_refsource_CONFIRM
	http://www.securitytracker.com/id?1024994	vdb-entry, x_refsource_SECTRACK
	https://exchange.xforce.ibmcloud.com/vulnerabilities/64832	vdb-entry, x_refsource_XF
	http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html	vendor-advisory, x_refsource_SUSE
	http://openwall.com/lists/oss-security/2011/01/18/6	mailing-list, x_refsource_MLIST
	http://osvdb.org/70596	vdb-entry, x_refsource_OSVDB
	http://secunia.com/advisories/43100	third-party-advisory, x_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2011-0180.html	vendor-advisory, x_refsource_REDHAT
	http://openwall.com/lists/oss-security/2011/01/20/2	mailing-list, x_refsource_MLIST
	http://www.vupen.com/english/advisories/2011/0186	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/42934	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/bid/45842	vdb-entry, x_refsource_BID
	http://www.vupen.com/english/advisories/2011/0238	vdb-entry, x_refsource_VUPEN

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:43:14.022Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=671122"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.gnome.org/show_bug.cgi?id=639882"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/ubuntu/+source/pango1.0/+bug/696616"
          },
          {
            "name": "1024994",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1024994"
          },
          {
            "name": "pango-pango-bo(64832)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64832"
          },
          {
            "name": "SUSE-SR:2011:005",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
          },
          {
            "name": "[oss-security] 20110118 CVE request: heap corruption in libpango",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/01/18/6"
          },
          {
            "name": "70596",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/70596"
          },
          {
            "name": "43100",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43100"
          },
          {
            "name": "RHSA-2011:0180",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0180.html"
          },
          {
            "name": "[oss-security] 20110120 Re: CVE request: heap corruption in libpango",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2011/01/20/2"
          },
          {
            "name": "ADV-2011-0186",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0186"
          },
          {
            "name": "42934",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42934"
          },
          {
            "name": "45842",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/45842"
          },
          {
            "name": "ADV-2011-0238",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0238"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-01-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=671122"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.gnome.org/show_bug.cgi?id=639882"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/ubuntu/+source/pango1.0/+bug/696616"
        },
        {
          "name": "1024994",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1024994"
        },
        {
          "name": "pango-pango-bo(64832)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64832"
        },
        {
          "name": "SUSE-SR:2011:005",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html"
        },
        {
          "name": "[oss-security] 20110118 CVE request: heap corruption in libpango",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/01/18/6"
        },
        {
          "name": "70596",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/70596"
        },
        {
          "name": "43100",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43100"
        },
        {
          "name": "RHSA-2011:0180",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0180.html"
        },
        {
          "name": "[oss-security] 20110120 Re: CVE request: heap corruption in libpango",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2011/01/20/2"
        },
        {
          "name": "ADV-2011-0186",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0186"
        },
        {
          "name": "42934",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42934"
        },
        {
          "name": "45842",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/45842"
        },
        {
          "name": "ADV-2011-0238",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0238"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-0020",
    "datePublished": "2011-01-24T17:00:00.000Z",
    "dateReserved": "2010-12-07T00:00:00.000Z",
    "dateUpdated": "2024-08-06T21:43:14.022Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2011-AVI-129

Vulnerability from certfr_avis

Deux vulnérabilités ont été corrigées dans la bibliothèque libpango. Elles peuvent être exploitées pour réaliser un déni de service à distance, et dans certains cas exécuter du code à distance.

Description

Deux vulnérabilités affectent libpango. La première (CVE-2011-0020) permet à un attaquant de réaliser un déni de service en provoquant l'arrêt brutal d'une application utilisant cette bibliothèque à l'aide d'un fichier de police de caractères spécialement conçu. Le débordement de tampon sur le tas est à l'origine de l'arrêt, et pourrait être exploité pour exécuter du code à distance. La seconde (CVE-2011-0064) permet à une personne malveillante de provoquer l'arrêt brutal d'une application via un déréférencement de pointeur NULL, en lui passant des paramètres spécialement conçus. L'exécution de code arbitraire à distance est également possible.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Libpango versions 1.28.3 et précédentes.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Rapport de bug Ubuntu n°696616 du 02 mars 2011	None	vendor-advisory
Rapport de bug Gnome n°639882 du 18 janvier 2011	None	vendor-advisory
Bulletin de sécurité Debian DSA 2178 du 02 mars 2011 :	-	other
Bulletin de sécurité RedHat RHSA-2011:0309 du 03 mars 2011 :	-	other
Rapport de bug Debian n°610792 du 24 janvier 2011 :	-	other
Bulletin de sécurité Ubuntu USN-1082-1 du 02 mars 2011 :	-	other
Bulletin de sécurité RedHat RHSA-2011:0180 du 27 janvier 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eLibpango versions 1.28.3 et pr\u00e9c\u00e9dentes.\u003c/P\u003e",
  "content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s affectent libpango. La premi\u00e8re (CVE-2011-0020)\npermet \u00e0 un attaquant de r\u00e9aliser un d\u00e9ni de service en provoquant\nl\u0027arr\u00eat brutal d\u0027une application utilisant cette biblioth\u00e8que \u00e0 l\u0027aide\nd\u0027un fichier de police de caract\u00e8res sp\u00e9cialement con\u00e7u. Le d\u00e9bordement\nde tampon sur le tas est \u00e0 l\u0027origine de l\u0027arr\u00eat, et pourrait \u00eatre\nexploit\u00e9 pour ex\u00e9cuter du code \u00e0 distance. La seconde (CVE-2011-0064)\npermet \u00e0 une personne malveillante de provoquer l\u0027arr\u00eat brutal d\u0027une\napplication via un d\u00e9r\u00e9f\u00e9rencement de pointeur NULL, en lui passant des\nparam\u00e8tres sp\u00e9cialement con\u00e7us. L\u0027ex\u00e9cution de code arbitraire \u00e0\ndistance est \u00e9galement possible.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-0020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0020"
    },
    {
      "name": "CVE-2011-0064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0064"
    }
  ],
  "initial_release_date": "2011-03-03T00:00:00",
  "last_revision_date": "2011-03-03T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA 2178 du 02 mars 2011 :",
      "url": "http://www.debian.org/security/2011/dsa-2178"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2011:0309 du 03 mars 2011    :",
      "url": "http://rhn.redhat.com/errata/RHSA-2011-0309.html"
    },
    {
      "title": "Rapport de bug Debian n\u00b0610792 du 24 janvier 2011 :",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610792"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-1082-1 du 02 mars 2011 :",
      "url": "http://www.ubuntulinux.org/usn/usn-1082-1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2011:0180 du 27 janvier    2011 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2011-0180.html"
    }
  ],
  "reference": "CERTA-2011-AVI-129",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-03-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Deux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans la biblioth\u00e8que libpango.\nElles peuvent \u00eatre exploit\u00e9es pour r\u00e9aliser un d\u00e9ni de service \u00e0\ndistance, et dans certains cas ex\u00e9cuter du code \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans libpango",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Rapport de bug Ubuntu n\u00b0696616 du 02 mars 2011",
      "url": null
    },
    {
      "published_at": null,
      "title": "Rapport de bug Gnome n\u00b0639882 du 18 janvier 2011",
      "url": "http://bugzilla.gnome.org/show_bug.cgi?id=639882"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2011-0020 (GCVE-0-2011-0020)

Vulnerability from cvelistv5

CERTA-2011-AVI-129

Vulnerability from certfr_avis

Description

Solution

Tags

Sightings

Nomenclature