Vulnerability Details : CVE-2011-0064
The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index.
Vulnerability category: Memory CorruptionExecute codeDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2011-0064
Probability of exploitation activity in the next 30 days: 13.56%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 95 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2011-0064
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
References for CVE-2011-0064
-
http://www.vupen.com/english/advisories/2011/0584
Webmail | OVH- OVH
-
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
[security-announce] SUSE Security Summary Report: SUSE-SR:2011:005
-
https://bugzilla.mozilla.org/show_bug.cgi?id=606997
606997 - (CVE-2011-0064) Crash with document.write marquee loop (JS:ShellCode-FG Exploit)
-
https://bugzilla.novell.com/show_bug.cgi?id=672502
Access Denied
-
http://www.vupen.com/english/advisories/2011/0683
Webmail | OVH- OVH
-
https://build.opensuse.org/request/show/63070
Request 63070 - openSUSE Build ServicePatch
-
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056065.html
[SECURITY] Fedora 14 Update: pango-1.28.1-5.fc14
-
http://www.redhat.com/support/errata/RHSA-2011-0309.html
Support
-
http://www.securityfocus.com/bid/46632
Pango 'hb_buffer_ensure()' Buffer Overflow Vulnerability
-
http://cgit.freedesktop.org/harfbuzz/commit/?id=a6a79df5fe2ed2cd307e7a991346faee164e70d9
harfbuzz - HarfBuzz text shaping library (new rewritten version)Patch
-
http://www.debian.org/security/2011/dsa-2178
Debian -- Security Information -- DSA-2178-1 pango1.0
-
http://www.vupen.com/english/advisories/2011/0555
Webmail | OVH- OVHVendor Advisory
-
http://www.mandriva.com/security/advisories?name=MDVSA-2011:040
mandriva.com
-
https://bugzilla.redhat.com/show_bug.cgi?id=678563
678563 – (CVE-2011-0064) CVE-2011-0064 pango: missing memory reallocation failure checking in hb_buffer_ensurePatch
-
http://www.vupen.com/english/advisories/2011/0558
Webmail | OVH- OVHVendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/65770
Pango hb_buffer_ensure() buffer overflow CVE-2011-0064 Vulnerability Report
-
http://www.ubuntu.com/usn/USN-1082-1
USN-1082-1: Pango vulnerabilities | Ubuntu security notices
-
http://www.vupen.com/english/advisories/2011/0543
Webmail | OVH- OVHVendor Advisory
-
http://securitytracker.com/id?1025145
Pango Null Pointer Dereference in hb_buffer_add_glyph() May Let Remote Users Execute Arbitrary Code - SecurityTracker
Products affected by CVE-2011-0064
- cpe:2.3:a:gnome:pango:1.28.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*