CVE-2019-1010238

Published: Jul 19, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize.

Affected (28)

Products: Gnome: Pango · Oracle: Sd Wan Edge · Fedoraproject: Fedora · +3 more

Show all products

Gnome: Pango · Oracle: Sd Wan Edge · Fedoraproject: Fedora · Debian: Debian Linux · Canonical: Ubuntu Linux · Redhat: Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Eus, Enterprise Linux Server, Enterprise Linux Server Aus, Enterprise Linux Server Tus, Enterprise Linux Workstation, Openshift Container Platform

1 product

1 product

1 product

1 product

1 product

8 products

Enterprise Linux

Enterprise Linux Desktop

Enterprise Linux Eus

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Server Tus

Enterprise Linux Workstation

Openshift Container Platform

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Gnome Pango	From 1.42.0 to 1.44

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Oracle Sd Wan Edge	Version 7.3
Oracle Sd Wan Edge	Version 8.0
Oracle Sd Wan Edge	Version 8.1
Oracle Sd Wan Edge	Version 8.2

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 29
Fedoraproject Fedora	Version 30

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0

Configuration E

1 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 19.04

Configuration F

19 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 8.0
Redhat Enterprise Linux Desktop	Version 7.0
Redhat Enterprise Linux Eus	Version 7.4
Redhat Enterprise Linux Eus	Version 7.6
Redhat Enterprise Linux Eus	Version 8.1
Redhat Enterprise Linux Eus	Version 8.2
Redhat Enterprise Linux Eus	Version 8.4
Redhat Enterprise Linux Server	Version 7.0
Redhat Enterprise Linux Server Aus	Version 7.6
Redhat Enterprise Linux Server Aus	Version 7.7
Redhat Enterprise Linux Server Aus	Version 8.2
Redhat Enterprise Linux Server Aus	Version 8.4
Redhat Enterprise Linux Server Tus	Version 7.6
Redhat Enterprise Linux Server Tus	Version 7.7
Redhat Enterprise Linux Server Tus	Version 8.2
Redhat Enterprise Linux Server Tus	Version 8.4
Redhat Enterprise Linux Workstation	Version 7.0
Redhat Openshift Container Platform	Version 3.11
Redhat Openshift Container Platform	Version 4.1

Related CWEs

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (28)

https://access.redhat.com/errata/RHBA-2019:2824

Source: josh@bress.net

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2571

Source: josh@bress.net

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2582

Source: josh@bress.net

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2594

Source: josh@bress.net

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:3234

Source: josh@bress.net

Third Party Advisory

https://gitlab.gnome.org/GNOME/pango/-/commits/main/pango/pango-bidi-type.c

Source: josh@bress.net

PatchVendor Advisory

https://gitlab.gnome.org/GNOME/pango/-/issues/342

Source: josh@bress.net

ExploitIssue TrackingVendor Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D6HWAHXJ2ZXINYMANHPFDDCJFWUQ57M4/

Source: josh@bress.net

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VFFF4FY7SCAYT3EKTYPGRN6BVKZTH7Y7/

Source: josh@bress.net

https://seclists.org/bugtraq/2019/Aug/14

Source: josh@bress.net

Mailing ListThird Party Advisory

https://security.gentoo.org/glsa/201909-03

Source: josh@bress.net

Third Party Advisory

https://usn.ubuntu.com/4081-1/

Source: josh@bress.net

Third Party Advisory

https://www.debian.org/security/2019/dsa-4496

Source: josh@bress.net

Third Party Advisory

https://www.oracle.com/security-alerts/cpuapr2020.html

Source: josh@bress.net

PatchThird Party Advisory

https://access.redhat.com/errata/RHBA-2019:2824

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2571

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2582

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2594

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:3234

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://gitlab.gnome.org/GNOME/pango/-/commits/main/pango/pango-bidi-type.c

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://gitlab.gnome.org/GNOME/pango/-/issues/342

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingVendor Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D6HWAHXJ2ZXINYMANHPFDDCJFWUQ57M4/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VFFF4FY7SCAYT3EKTYPGRN6BVKZTH7Y7/

Source: af854a3a-2127-422b-91ae-364da2661108

https://seclists.org/bugtraq/2019/Aug/14

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://security.gentoo.org/glsa/201909-03

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://usn.ubuntu.com/4081-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.debian.org/security/2019/dsa-4496

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.oracle.com/security-alerts/cpuapr2020.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.