CVE-2019-1010238 - Out-of-bounds Write vulnerability in multiple products

CVSS 9.8 - CRITICAL

  • Attack vector: NETWORK
  • Attack complexity: LOW
  • Privileges required: NONE
  • Confidentiality impact: HIGH
  • Integrity impact: HIGH
  • Availability impact: HIGH

Tags: network, low complexity, gnome, oracle, fedoraproject, debian, canonical, redhat, CWE-787, critical, nessus

Summary

Gnome Pango 1.42 and later is affected by a buffer overflow. Impact: the heap-based buffer overflow can be used to get code execution. Component: the function pango_log2vis_get_embedding_levels, in the assignment of nchars and the loop condition. Attack vector: the bug can be used when an application passes invalid UTF-8 strings to functions like pango_itemize.

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-4081-1.NASL
    description: It was discovered that Pango incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 127798
    published: 2019-08-12
    reporter: Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/127798
    title: Ubuntu 19.04 : pango1.0 vulnerability (USN-4081-1)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2019-2582.NASL
    description: An update for pango is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Pango is a library for laying out and rendering of text, with an emphasis on internationalization. Pango forms the core of text and font handling for the GTK+ widget toolkit. Security Fix(es): pango: pango_log2vis_get_embedding_levels() heap-based buffer overflow (CVE-2019-1010238). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 128408
    published: 2019-08-30
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/128408
    title: RHEL 8 : pango (RHSA-2019:2582)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201909-03.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201909-03 (Pango: Buffer overflow). A buffer overflow has been discovered in Pango’s pango_log2vis_get_embedding_levels function. Impact: A remote attacker could entice a user to process a specially crafted string with functions like pango_itemize, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround: There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 128592
    published: 2019-09-09
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/128592
    title: GLSA-201909-03 : Pango: Buffer overflow
  • NASL family: NewStart CGSL Local Security Checks
    NASL id: NEWSTART_CGSL_NS-SA-2019-0191_PANGO.NASL
    description: The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has pango packages installed that are affected by a vulnerability: - Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize. (CVE-2019-1010238) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 129893
    published: 2019-10-15
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/129893
    title: NewStart CGSL CORE 5.04 / MAIN 5.04 : pango Vulnerability (NS-SA-2019-0191)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2019-2582.NASL
    description: From Red Hat Security Advisory 2019:2582: An update for pango is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Pango is a library for laying out and rendering of text, with an emphasis on internationalization. Pango forms the core of text and font handling for the GTK+ widget toolkit. Security Fix(es): pango: pango_log2vis_get_embedding_levels() heap-based buffer overflow (CVE-2019-1010238). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 128405
    published: 2019-08-30
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/128405
    title: Oracle Linux 8 : pango (ELSA-2019-2582)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2019-3234.NASL
    description: An update for pango is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Pango is a library for laying out and rendering of text, with an emphasis on internationalization. Pango forms the core of text and font handling for the GTK+ widget toolkit. Security Fix(es): pango: pango_log2vis_get_embedding_levels() heap-based buffer overflow (CVE-2019-1010238). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 130381
    published: 2019-10-30
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/130381
    title: RHEL 7 : pango (RHSA-2019:3234)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-2344.NASL
    description: According to the version of the pango package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability: - Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize. (CVE-2019-1010238) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 131509
    published: 2019-12-03
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/131509
    title: EulerOS Virtualization for ARM 64 3.0.3.0 : pango (EulerOS-SA-2019-2344)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2019-2571.NASL
    description: An update for pango is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Pango is a library for laying out and rendering of text, with an emphasis on internationalization. Pango forms the core of text and font handling for the GTK+ widget toolkit. Security Fix(es): pango: pango_log2vis_get_embedding_levels() heap-based buffer overflow (CVE-2019-1010238). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 128407
    published: 2019-08-30
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/128407
    title: RHEL 7 : pango (RHSA-2019:2571)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-2088.NASL
    description: According to the version of the pango packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: - Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize. (CVE-2019-1010238) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-05-03
    modified: 2019-09-30
    plugin id: 129447
    published: 2019-09-30
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/129447
    title: EulerOS 2.0 SP8 : pango (EulerOS-SA-2019-2088)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20190828_PANGO_ON_SL7_X.NASL
    description: Security Fix(es): pango: pango_log2vis_get_embedding_levels() heap-based buffer overflow (CVE-2019-1010238)
    last seen: 2020-03-18
    modified: 2019-08-29
    plugin id: 128311
    published: 2019-08-29
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/128311
    title: Scientific Linux Security Update : pango on SL7.x x86_64 (20190828)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2019-547BE4A683.NASL
    description: Security fix for CVE-2019-1010238. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 128040
    published: 2019-08-21
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/128040
    title: Fedora 30 : pango (2019-547be4a683)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2019-155E34DF5A.NASL
    description: Security fix for CVE-2019-1010238. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 128432
    published: 2019-09-03
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/128432
    title: Fedora 29 : pango (2019-155e34df5a)
  • NASL family: NewStart CGSL Local Security Checks
    NASL id: NEWSTART_CGSL_NS-SA-2019-0232_PANGO.NASL
    description: The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has pango packages installed that are affected by a vulnerability: - Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize. (CVE-2019-1010238) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 132477
    published: 2019-12-31
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/132477
    title: NewStart CGSL CORE 5.05 / MAIN 5.05 : pango Vulnerability (NS-SA-2019-0232)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2019-2571.NASL
    description: From Red Hat Security Advisory 2019:2571: An update for pango is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Pango is a library for laying out and rendering of text, with an emphasis on internationalization. Pango forms the core of text and font handling for the GTK+ widget toolkit. Security Fix(es): pango: pango_log2vis_get_embedding_levels() heap-based buffer overflow (CVE-2019-1010238). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 128298
    published: 2019-08-28
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/128298
    title: Oracle Linux 7 : pango (ELSA-2019-2571)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2019-2571.NASL
    description: An update for pango is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Pango is a library for laying out and rendering of text, with an emphasis on internationalization. Pango forms the core of text and font handling for the GTK+ widget toolkit. Security Fix(es): pango: pango_log2vis_get_embedding_levels() heap-based buffer overflow (CVE-2019-1010238). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 129018
    published: 2019-09-19
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/129018
    title: CentOS 7 : pango (CESA-2019:2571)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-4496.NASL
    description: Benno Fuenfstueck discovered that Pango, a library for layout and rendering of text with an emphasis on internationalization, is prone to a heap-based buffer overflow flaw in the pango_log2vis_get_embedding_levels function. An attacker can take advantage of this flaw for denial of service or potentially the execution of arbitrary code.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 127492
    published: 2019-08-12
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/127492
    title: Debian DSA-4496-1 : pango1.0 - security update

Redhat

advisories
  • bugzilla
    id: 1737785
    title: CVE-2019-1010238 pango: pango_log2vis_get_embedding_levels() heap-based buffer overflow
    oval
    OR
    • comment: Red Hat Enterprise Linux must be installed
      oval: oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment: Red Hat Enterprise Linux 7 is installed
        oval: oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment: pango-tests is earlier than 0:1.42.4-4.el7_7
            oval: oval:com.redhat.rhsa:tst:20192571001
          • comment: pango-tests is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20152116008
        • AND
          • comment: pango-devel is earlier than 0:1.42.4-4.el7_7
            oval: oval:com.redhat.rhsa:tst:20192571003
          • comment: pango-devel is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20152116012
        • AND
          • comment: pango is earlier than 0:1.42.4-4.el7_7
            oval: oval:com.redhat.rhsa:tst:20192571005
          • comment: pango is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20152116010
    rhsa
    id: RHSA-2019:2571
    released: 2019-08-28
    severity: Important
    title: RHSA-2019:2571: pango security update (Important)
  • bugzilla
    id: 1737785
    title: CVE-2019-1010238 pango: pango_log2vis_get_embedding_levels() heap-based buffer overflow
    oval
    OR
    • comment: Red Hat Enterprise Linux must be installed
      oval: oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment: Red Hat Enterprise Linux 8 is installed
        oval: oval:com.redhat.rhba:tst:20193384074
      • OR
        • AND
          • comment: pango-debugsource is earlier than 0:1.42.4-5.el8_0
            oval: oval:com.redhat.rhsa:tst:20192582001
          • comment: pango-debugsource is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20192582002
        • AND
          • comment: pango-devel is earlier than 0:1.42.4-5.el8_0
            oval: oval:com.redhat.rhsa:tst:20192582003
          • comment: pango-devel is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20152116012
        • AND
          • comment: pango is earlier than 0:1.42.4-5.el8_0
            oval: oval:com.redhat.rhsa:tst:20192582005
          • comment: pango is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20152116010
    rhsa
    id: RHSA-2019:2582
    released: 2019-08-29
    severity: Important
    title: RHSA-2019:2582: pango security update (Important)
  • rhsa
    id: RHBA-2019:2824
  • rhsa
    id: RHSA-2019:2594
  • rhsa
    id: RHSA-2019:3234
rpms
  • pango-0:1.42.4-4.el7_7
  • pango-debuginfo-0:1.42.4-4.el7_7
  • pango-devel-0:1.42.4-4.el7_7
  • pango-tests-0:1.42.4-4.el7_7
  • pango-0:1.42.4-5.el8_0
  • pango-debuginfo-0:1.42.4-5.el8_0
  • pango-debugsource-0:1.42.4-5.el8_0
  • pango-devel-0:1.42.4-5.el8_0
  • pango-tests-debuginfo-0:1.42.4-5.el8_0
  • pango-0:1.42.4-3.el7_6
  • pango-debuginfo-0:1.42.4-3.el7_6
  • pango-devel-0:1.42.4-3.el7_6
  • pango-tests-0:1.42.4-3.el7_6

References