6.8

CVE-2011-0064

The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnomePango Version1.28.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.33% 0.871
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:040
http://cgit.freedesktop.org/harfbuzz/commit/?id=a6a79df5fe2ed2cd307e7a991346faee164e70d9
Patch
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056065.html
http://secunia.com/advisories/43559
Vendor Advisory
http://secunia.com/advisories/43572
Vendor Advisory
http://secunia.com/advisories/43578
Vendor Advisory
http://secunia.com/advisories/43800
http://securitytracker.com/id?1025145
http://www.debian.org/security/2011/dsa-2178
http://www.redhat.com/support/errata/RHSA-2011-0309.html
http://www.securityfocus.com/bid/46632
http://www.ubuntu.com/usn/USN-1082-1
http://www.vupen.com/english/advisories/2011/0543
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0555
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0558
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0584
http://www.vupen.com/english/advisories/2011/0683
https://bugzilla.mozilla.org/show_bug.cgi?id=606997
https://bugzilla.novell.com/show_bug.cgi?id=672502
https://bugzilla.redhat.com/show_bug.cgi?id=678563
Patch
https://build.opensuse.org/request/show/63070
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/65770