CVEs (6)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
6Canonical DebianFedoraproject+3 more13Debian Linux Enterprise LinuxEnterprise Linux Desktop+10 moreNov 21, 2024 Jul 19, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment...Show more |
2Canonical Gnome2Pango Ubuntu LinuxNov 21, 2024 Aug 24, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with inv...Show more |
5Canonical GnomeOpensuse+2 more8Enterprise Linux Desktop Enterprise Linux EusEnterprise Linux Server+5 moreApr 29, 2026 Jun 16, 2012 N/A· v4 N/A· v3 9.3 HIGH· v2 Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly exec...Show more |
The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of servic...Show more |
Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers...Show more |
Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafte...Show more |