9.3

CVE-2011-3193

EPSS 3.16%
Veröffentlicht 16.06.2012 00:55:03
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 31

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gnome ≫ Pango Version < 1.25.1

Qt ≫ Qt Version < 4.7.4

Canonical ≫ Ubuntu Linux Version10.04 SwEdition-

Canonical ≫ Ubuntu Linux Version11.04

Redhat ≫ Enterprise Linux Desktop Version4.0

Redhat ≫ Enterprise Linux Desktop Version5.0

Redhat ≫ Enterprise Linux Desktop Version6.0

Redhat ≫ Enterprise Linux Eus Version6.1

Redhat ≫ Enterprise Linux Server Version4.0

Redhat ≫ Enterprise Linux Server Version5.0

Redhat ≫ Enterprise Linux Server Version6.0

Redhat ≫ Enterprise Linux Workstation Version4.0

Redhat ≫ Enterprise Linux Workstation Version5.0

Redhat ≫ Enterprise Linux Workstation Version6.0

Opensuse ≫ Opensuse Version11.3

Opensuse ≫ Opensuse Version11.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	3.16%	0.864

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://rhn.redhat.com/errata/RHSA-2011-1324.html

Third Party Advisory

http://secunia.com/advisories/46117

Third Party Advisory

http://secunia.com/advisories/46410

Third Party Advisory

https://hermes.opensuse.org/messages/12056605

Broken Link

http://cgit.freedesktop.org/harfbuzz.old/commit/?id=81c8ef785b079980ad5b46be4fe7c7bf156dbf65

Patch

Third Party Advisory

http://cgit.freedesktop.org/harfbuzz/commit/src/harfbuzz-gpos.c?id=da2c52abcd75d46929b34cad55c4fb2c8892bc08

Patch

Third Party Advisory

http://git.gnome.org/browse/pango/commit/pango/opentype/harfbuzz-gpos.c?id=a7a715480db66148b1f487528887508a7991dcd0

Patch

Vendor Advisory

http://lists.opensuse.org/opensuse-updates/2011-10/msg00007.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-updates/2011-10/msg00008.html

Third Party Advisory

Mailing List

http://rhn.redhat.com/errata/RHSA-2011-1323.html

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2011-1325.html

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2011-1326.html

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2011-1327.html

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2011-1328.html

Third Party Advisory

http://secunia.com/advisories/41537

Third Party Advisory

http://secunia.com/advisories/46118

Third Party Advisory

http://secunia.com/advisories/46119

Third Party Advisory

http://secunia.com/advisories/46128

Third Party Advisory

http://secunia.com/advisories/46371

Third Party Advisory

http://secunia.com/advisories/49895

Third Party Advisory

http://www.openwall.com/lists/oss-security/2011/08/22/6

Third Party Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2011/08/24/8

Third Party Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2011/08/25/1

Third Party Advisory

Mailing List

http://www.osvdb.org/75652

Broken Link

http://www.securityfocus.com/bid/49723

Third Party Advisory

VDB Entry

http://www.ubuntu.com/usn/USN-1504-1

Third Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/69991

Third Party Advisory

VDB Entry

https://qt.gitorious.org/qt/qt/commit/9ae6f2f9a57f0c3096d5785913e437953fa6775c

Broken Link

https://nvd.nist.gov/vuln/detail/CVE-2011-3193

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-3193

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-3193

EUVD