what you don't know can hurt you
Showing 1 - 7 of 7 RSS Feed

CVE-2011-3193

Status Candidate

Overview

Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.

Related Files

Gentoo Linux Security Advisory 201311-14
Posted Nov 22, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201311-14 - Multiple vulnerabilities have been discovered in QtCore and QtGui, possibly resulting in execution of arbitrary code, Denial of Service, or man-in-the-middle attacks. Versions less than 4.8.4-r2 are affected.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2011-3193, CVE-2013-0254
MD5 | 672a22eff48f0497dc3c1ae59f986a4e
Ubuntu Security Notice USN-1504-1
Posted Jul 12, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1504-1 - It was discovered that Qt did not properly handle wildcard domain names or IP addresses in the Common Name field of X.509 certificates. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. This issue only affected Ubuntu 10.04 LTS. A heap-based buffer overflow was discovered in the HarfBuzz module. If a user were tricked into opening a crafted font file in a Qt application, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2010-5076, CVE-2011-3193, CVE-2011-3194, CVE-2010-5076, CVE-2011-3193, CVE-2011-3194
MD5 | a9997166b739037023557de2955c6ae7
Red Hat Security Advisory 2011-1327-01
Posted Sep 22, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1327-01 - frysk is an execution-analysis technology implemented using native Java and C++. It provides developers and system administrators with the ability to examine and analyze multi-host, multi-process, and multithreaded systems while they are running. frysk is released as a Technology Preview for Red Hat Enterprise Linux 4. A buffer overflow flaw was found in HarfBuzz, an OpenType text shaping engine used in the embedded Pango library. If a frysk application were used to debug or trace a process that uses HarfBuzz while it loaded a specially-crafted font file, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.

tags | advisory, java, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2011-3193
MD5 | 7b3f9df639f50f25d1a25a9e3d7e4134
Red Hat Security Advisory 2011-1326-01
Posted Sep 22, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1326-01 - Pango is a library used for the layout and rendering of internationalized text. A buffer overflow flaw was found in HarfBuzz, an OpenType text shaping engine used in Pango. If a user loaded a specially-crafted font file with an application that uses Pango, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. Users of pango are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing this update, you must restart your system or restart the X server for the update to take effect.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2011-3193
MD5 | d34245ae1d7f7758ec3ddaefa20b0d31
Red Hat Security Advisory 2011-1325-01
Posted Sep 22, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1325-01 - Pango is a library used for the layout and rendering of internationalized text. A buffer overflow flaw was found in HarfBuzz, an OpenType text shaping engine used in Pango. If a user loaded a specially-crafted font file with an application that uses Pango, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. Users of evolution28-pango are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing this update, you must restart your system or restart the X server for the update to take effect.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2011-3193
MD5 | 2446d9adc9f7b3e39028d9e19965f424
Red Hat Security Advisory 2011-1324-01
Posted Sep 22, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1324-01 - Qt 4 is a software toolkit that simplifies the task of writing and maintaining GUI applications for the X Window System. HarfBuzz is an OpenType text shaping engine. A flaw in the way Qt 4 expanded certain UTF-8 characters could be used to prevent a Qt 4 based application from properly sanitizing user input. Depending on the application, this could allow an attacker to perform directory traversal, or for web applications, a cross-site scripting attack. A buffer overflow flaw was found in the harfbuzz module in Qt 4. If a user loaded a specially-crafted font file with an application linked against Qt 4, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.

tags | advisory, web, overflow, arbitrary, xss
systems | linux, redhat
advisories | CVE-2007-0242, CVE-2011-3193
MD5 | e34b4a17cb099c4d856fe493a4a00b60
Red Hat Security Advisory 2011-1323-01
Posted Sep 22, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1323-01 - Qt is a software toolkit that simplifies the task of writing and maintaining GUI applications for the X Window System. HarfBuzz is an OpenType text shaping engine. A buffer overflow flaw was found in the harfbuzz module in Qt. If a user loaded a specially-crafted font file with an application linked against Qt, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. A buffer overflow flaw was found in the way Qt handled certain gray-scale image files. If a user loaded a specially-crafted gray-scale image file with an application linked against Qt, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2011-3193, CVE-2011-3194
MD5 | b0d85665f9f9c927a5d0e1e4ebce77ff
Page 1 of 1
Back1Next

File Archive:

August 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    1 Files
  • 2
    Aug 2nd
    7 Files
  • 3
    Aug 3rd
    5 Files
  • 4
    Aug 4th
    7 Files
  • 5
    Aug 5th
    0 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    0 Files
  • 9
    Aug 9th
    0 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close