what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 4 of 4 RSS Feed

CVE-2011-0064

Status Candidate

Overview

The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index.

Related Files

Unisphere Central Redirect / Access Bypass / DoS / Updates
Posted Jan 30, 2015
Site emc.com

Unisphere Central versions prior to 4.0 suffer from a large amount of security vulnerabilities and an update has been released that includes a fix for an unvalidated redirect issue along with various embedded component vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2010-5107, CVE-2010-5298, CVE-2011-0020, CVE-2011-0064, CVE-2011-3389, CVE-2012-2137, CVE-2012-5885, CVE-2012-6085, CVE-2012-6548, CVE-2012-6549, CVE-2013-0160, CVE-2013-0216, CVE-2013-0231, CVE-2013-0268, CVE-2013-0311, CVE-2013-0349, CVE-2013-0913, CVE-2013-0914, CVE-2013-1767, CVE-2013-1772, CVE-2013-1774, CVE-2013-1792, CVE-2013-1796, CVE-2013-1797, CVE-2013-1798, CVE-2013-1848, CVE-2013-1860, CVE-2013-1899
SHA-256 | ce4edb828cb719a743e51aeccc8b869350ac720be7a173f3e3978c205c139f5f
Gentoo Linux Security Advisory 201405-13
Posted May 19, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201405-13 - Multiple vulnerabilities have been found in Pango, the worst of which allow execution of arbitrary code or Denial of Service. Versions less than 1.28.3-r1 are affected.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2009-1194, CVE-2009-2468, CVE-2011-0020, CVE-2011-0064
SHA-256 | faf4b69f963cc7630668de445423879ab7dcf832430345ee6548d09a12472865
Debian Security Advisory 2178-1
Posted Mar 2, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2178-1 - It was discovered that pango did not check for memory allocation failures, causing a NULL pointer dereference with an adjustable offset. This can lead to application crashes and potentially arbitrary code execution.

tags | advisory, arbitrary, code execution
systems | linux, debian
advisories | CVE-2011-0064
SHA-256 | 213b3dd282ebde23412fea47ec939c0d2ab2671024435416b3f75f2ef0468a6c
Ubuntu Security Notice USN-1082-1
Posted Mar 2, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1082-1 - Marc Schoenefeld discovered that Pango incorrectly handled certain Glyph Definition (GDEF) tables. If a user were tricked into displaying text with a specially-crafted font, an attacker could cause Pango to crash, resulting in a denial of service. This issue only affected Ubuntu 8.04 LTS and 9.10. Dan Rosenberg discovered that Pango incorrectly handled certain FT_Bitmap objects. If a user were tricked into displaying text with a specially- crafted font, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. The default compiler options for affected releases should reduce the vulnerability to a denial of service. It was discovered that Pango incorrectly handled certain memory reallocation failures. If a user were tricked into displaying text in a way that would cause a reallocation failure, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. This issue only affected Ubuntu 9.10, 10.04 LTS and 10.10.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2010-0421, CVE-2011-0020, CVE-2011-0064
SHA-256 | 55ec43235e341978a77e9e35929be0aa8b8a56a7665d47badc484fada019b94d
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    0 Files
  • 5
    Mar 5th
    0 Files
  • 6
    Mar 6th
    0 Files
  • 7
    Mar 7th
    0 Files
  • 8
    Mar 8th
    0 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    0 Files
  • 12
    Mar 12th
    0 Files
  • 13
    Mar 13th
    0 Files
  • 14
    Mar 14th
    0 Files
  • 15
    Mar 15th
    0 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    0 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close