Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
History
07 Nov 2023, 03:02
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
12 Apr 2022, 16:51
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://gitlab.gnome.org/GNOME/pango/-/issues/342 - Exploit, Issue Tracking, Vendor Advisory | |
References | (MISC) https://gitlab.gnome.org/GNOME/pango/-/commits/main/pango/pango-bidi-type.c - Patch, Vendor Advisory |
06 Apr 2022, 18:23
Type | Values Removed | Values Added |
---|---|---|
References | (REDHAT) https://access.redhat.com/errata/RHSA-2019:2571 - Third Party Advisory | |
References | (GENTOO) https://security.gentoo.org/glsa/201909-03 - Third Party Advisory | |
References | (BUGTRAQ) https://seclists.org/bugtraq/2019/Aug/14 - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6HWAHXJ2ZXINYMANHPFDDCJFWUQ57M4/ - Mailing List, Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2019:3234 - Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHBA-2019:2824 - Third Party Advisory | |
References | (N/A) https://www.oracle.com/security-alerts/cpuapr2020.html - Patch, Third Party Advisory | |
References | (MISC) https://gitlab.gnome.org/GNOME/pango/-/commits/main/pango/pango-bidi-type.c - Vendor Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VFFF4FY7SCAYT3EKTYPGRN6BVKZTH7Y7/ - Mailing List, Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2019:2582 - Third Party Advisory | |
References | (DEBIAN) https://www.debian.org/security/2019/dsa-4496 - Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2019:2594 - Third Party Advisory | |
References | (MISC) https://gitlab.gnome.org/GNOME/pango/-/issues/342 - Exploit, Vendor Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/4081-1/ - Third Party Advisory | |
First Time |
Oracle sd-wan Edge
Debian debian Linux Redhat enterprise Linux Desktop Redhat enterprise Linux Server Oracle Redhat enterprise Linux Eus Redhat enterprise Linux Server Tus Canonical ubuntu Linux Redhat enterprise Linux Server Aus Fedoraproject fedora Canonical Fedoraproject Debian Redhat enterprise Linux Workstation Redhat enterprise Linux Redhat openshift Container Platform Redhat |
|
CPE | cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:sd-wan_edge:8.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:sd-wan_edge:8.1:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:sd-wan_edge:8.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:sd-wan_edge:7.3:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* |
10 Jan 2022, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
14 Jul 2021, 15:41
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:gnome:pango:*:*:*:*:*:*:*:* |
Information
Published : 2019-07-19 17:15
Updated : 2023-12-10 12:59
NVD link : CVE-2019-1010238
Mitre link : CVE-2019-1010238
CVE.ORG link : CVE-2019-1010238
JSON object : View
Products Affected
redhat
- enterprise_linux_desktop
- enterprise_linux
- enterprise_linux_server_aus
- enterprise_linux_server
- enterprise_linux_eus
- enterprise_linux_server_tus
- enterprise_linux_workstation
- openshift_container_platform
gnome
- pango
debian
- debian_linux
oracle
- sd-wan_edge
canonical
- ubuntu_linux
fedoraproject
- fedora
CWE
CWE-787
Out-of-bounds Write