Back to search
CVE-2019-1010238
Published: Jul 19, 2019
Modified: Aug 5, 2024
PUBLISHED
Description
Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize.
| Vendor | Product | Versions |
|---|---|---|
Gnome | Pango | affected 1.42 and later |
References
USN-4081-1
vendor-advisory
x_refsource_UBUNTU
DSA-4496
vendor-advisory
x_refsource_DEBIAN
20190812 [SECURITY] [DSA 4496-1] pango1.0 security update
mailing-list
x_refsource_BUGTRAQ
FEDORA-2019-547be4a683
vendor-advisory
x_refsource_FEDORA
RHSA-2019:2571
vendor-advisory
x_refsource_REDHAT
RHSA-2019:2582
vendor-advisory
x_refsource_REDHAT
FEDORA-2019-155e34df5a
vendor-advisory
x_refsource_FEDORA
GLSA-201909-03
vendor-advisory
x_refsource_GENTOO
RHSA-2019:2594
vendor-advisory
x_refsource_REDHAT
RHBA-2019:2824
vendor-advisory
x_refsource_REDHAT
RHSA-2019:3234
vendor-advisory
x_refsource_REDHAT
https://www.oracle.com/security-alerts/cpuapr2020.html
x_refsource_MISC
https://gitlab.gnome.org/GNOME/pango/-/issues/342
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now