CVE-2011-0064

The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.debian.org/security/2011/dsa-2178
http://www.vupen.com/english/advisories/2011/0558	Vendor Advisory
http://www.securityfocus.com/bid/46632
https://bugzilla.novell.com/show_bug.cgi?id=672502
http://www.vupen.com/english/advisories/2011/0555	Vendor Advisory
http://cgit.freedesktop.org/harfbuzz/commit/?id=a6a79df5fe2ed2cd307e7a991346faee164e70d9	Patch
http://www.ubuntu.com/usn/USN-1082-1
http://secunia.com/advisories/43559	Vendor Advisory
http://securitytracker.com/id?1025145
http://secunia.com/advisories/43572	Vendor Advisory
http://secunia.com/advisories/43578	Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2011-0309.html
https://bugzilla.mozilla.org/show_bug.cgi?id=606997
http://www.vupen.com/english/advisories/2011/0543	Vendor Advisory
https://build.opensuse.org/request/show/63070	Patch
https://bugzilla.redhat.com/show_bug.cgi?id=678563	Patch
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056065.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:040
http://www.vupen.com/english/advisories/2011/0584
http://secunia.com/advisories/43800
http://www.vupen.com/english/advisories/2011/0683
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/65770

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gnome:pango:1.28.3:::::::*
	cpe:2.3:a:mozilla:firefox::::::::

Information

Published : 2011-03-07 13:00

Updated : 2021-07-14 08:41

NVD link : CVE-2011-0064

Mitre link : CVE-2011-0064

JSON object : View

CWE

NVD-CWE-Other

Products Affected

mozilla

firefox

gnome

pango

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.debian.org/security/2011/dsa-2178", "name": "DSA-2178", "tags": [], "refsource": "DEBIAN"}, {"url": "http://www.vupen.com/english/advisories/2011/0558", "name": "ADV-2011-0558", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "http://www.securityfocus.com/bid/46632", "name": "46632", "tags": [], "refsource": "BID"}, {"url": "https://bugzilla.novell.com/show_bug.cgi?id=672502", "name": "https://bugzilla.novell.com/show_bug.cgi?id=672502", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.vupen.com/english/advisories/2011/0555", "name": "ADV-2011-0555", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "http://cgit.freedesktop.org/harfbuzz/commit/?id=a6a79df5fe2ed2cd307e7a991346faee164e70d9", "name": "http://cgit.freedesktop.org/harfbuzz/commit/?id=a6a79df5fe2ed2cd307e7a991346faee164e70d9", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://www.ubuntu.com/usn/USN-1082-1", "name": "USN-1082-1", "tags": [], "refsource": "UBUNTU"}, {"url": "http://secunia.com/advisories/43559", "name": "43559", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://securitytracker.com/id?1025145", "name": "1025145", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/43572", "name": "43572", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/43578", "name": "43578", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.redhat.com/support/errata/RHSA-2011-0309.html", "name": "RHSA-2011:0309", "tags": [], "refsource": "REDHAT"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=606997", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=606997", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.vupen.com/english/advisories/2011/0543", "name": "ADV-2011-0543", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "https://build.opensuse.org/request/show/63070", "name": "https://build.opensuse.org/request/show/63070", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=678563", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=678563", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056065.html", "name": "FEDORA-2011-3194", "tags": [], "refsource": "FEDORA"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:040", "name": "MDVSA-2011:040", "tags": [], "refsource": "MANDRIVA"}, {"url": "http://www.vupen.com/english/advisories/2011/0584", "name": "ADV-2011-0584", "tags": [], "refsource": "VUPEN"}, {"url": "http://secunia.com/advisories/43800", "name": "43800", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2011/0683", "name": "ADV-2011-0683", "tags": [], "refsource": "VUPEN"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html", "name": "SUSE-SR:2011:005", "tags": [], "refsource": "SUSE"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65770", "name": "pango-hbbufferensure-bo(65770)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2011-0064", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2011-03-07T21:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:gnome:pango:1.28.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2021-07-14T15:41Z"}

6.8 /10