Vulnerabilities > Gnome > Pango
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-19 | CVE-2019-1010238 | Out-of-bounds Write vulnerability in multiple products Gnome Pango 1.42 and later is affected by: Buffer Overflow. | 9.8 |
| 2018-08-24 | CVE-2018-15120 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences. | 4.3 |
| 2012-06-16 | CVE-2011-3193 | Out-Of-Bounds Write vulnerability in multiple products Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file. | 9.3 |
| 2011-03-07 | CVE-2011-0064 | The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index. | 6.8 |
| 2010-03-18 | CVE-2010-0421 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Gnome Pango Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted font file, related to building a synthetic Glyph Definition (aka GDEF) table by using this font's charmap and the Unicode property database. | 4.3 |