Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

pango pango vulnerabilities and exploits

(subscribe to this query)
10
CVSSv2
CVE-2020-12828
An issue exists in AnchorFree VPN SDK prior to 1.3.3.218. The VPN SDK service takes certain executable locations over a socket bound to localhost. Binding to the socket and providing a path where a malicious executable file resides leads to executing the malicious executable file...
Pango Virtual Private Network Software Development Kit
9.3
CVSSv2
CVE-2011-3193
Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt prior to 4.7.4 and Pango, allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
Gnome PangoQt QtCanonical Ubuntu Linux 10.04Canonical Ubuntu Linux 11.04Redhat Enterprise Linux Desktop 4.0Redhat Enterprise Linux Desktop 5.0Redhat Enterprise Linux Desktop 6.0Redhat Enterprise Linux Eus 6.1Redhat Enterprise Linux Server 4.0Redhat Enterprise Linux Server 5.0Redhat Enterprise Linux Server 6.0Redhat Enterprise Linux Workstation 4.0Redhat Enterprise Linux Workstation 5.0Redhat Enterprise Linux Workstation 6.0Opensuse Opensuse 11.3Opensuse Opensuse 11.4
7.6
CVSSv2
CVE-2011-0020
Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and previous versions, when the FreeType2 backend is enabled, allows user-assisted remote malicious users to cause a denial of service (application cr...
Pango Pango 1.7Pango Pango 1.5Pango Pango 1.6Pango Pango 1.17Pango Pango 0.23Pango Pango 1.9Pango Pango 1.11Pango Pango 0.22Pango Pango 1.14Pango Pango 1.21Pango Pango 1.27Pango Pango 1.1Pango Pango 1.26Pango Pango 1.16Pango Pango 0.24Pango Pango 1.8Pango Pango 0.25Pango Pango 1.4Pango Pango 1.24Pango Pango 1.19Pango Pango 1.0Pango Pango 1.15
7.5
CVSSv2
CVE-2019-1010238
Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug...
Gnome PangoOracle Sd-wan Edge 8.2Oracle Sd-wan Edge 7.3Oracle Sd-wan Edge 8.0Oracle Sd-wan Edge 8.1Fedoraproject Fedora 29Fedoraproject Fedora 30Debian Debian Linux 10.0Canonical Ubuntu Linux 19.04Redhat Enterprise Linux Desktop 7.0Redhat Enterprise Linux Workstation 7.0Redhat Enterprise Linux Server 7.0Redhat Enterprise Linux Eus 7.4Redhat Enterprise Linux Server Tus 7.6Redhat Enterprise Linux Server Aus 7.6Redhat Openshift Container Platform 3.11Redhat Enterprise Linux Eus 7.6Redhat Enterprise Linux 8.0Redhat Enterprise Linux Server Aus 7.7Redhat Enterprise Linux Server Tus 7.7Redhat Openshift Container Platform 4.1Redhat Enterprise Linux Eus 8.1
7.5
CVSSv2
CVE-2013-0927
Google Chrome OS prior to 26.0.1410.57 relies on a Pango pango-utils.c read_config implementation that loads the contents of the .pangorc file in the user's home directory, and the file referenced by the PANGO_RC_FILE environment variable, which allows malicious users to byp...
Google Chrome Os 26.0.1410.44Google Chrome Os 26.0.1410.15Google Chrome Os 26.0.1410.19Google Chrome Os 26.0.1410.9Google Chrome Os 26.0.1410.25Google Chrome Os 26.0.1410.22Google Chrome Os 26.0.1410.3Google Chrome Os 26.0.1410.10Google Chrome Os 26.0.1410.29Google Chrome Os 26.0.1410.26Google Chrome Os 26.0.1410.7Google Chrome Os 26.0.1410.31Google Chrome Os 26.0.1410.46Google Chrome OsGoogle Chrome Os 26.0.1410.36Google Chrome Os 26.0.1410.45Google Chrome Os 26.0.1410.6Google Chrome Os 26.0.1410.48Google Chrome Os 26.0.1410.50Google Chrome Os 26.0.1410.20Google Chrome Os 26.0.1410.23Google Chrome Os 26.0.1410.17
7.2
CVSSv2
CVE-2020-17365
Improper directory permissions in the Hotspot Shield VPN client software for Windows 10.3.0 and previous versions may allow an authorized user to potentially enable escalation of privilege via local access. The vulnerability allows a local user to corrupt system files: a local us...
Pango Hotspot Shield
6.8
CVSSv2
CVE-2019-18397
A buffer overflow in the fribidi_get_par_embedding_levels_ex() function in lib/fribidi-bidi.c of GNU FriBidi up to and including 1.0.7 allows an malicious user to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user, when this ...
Gnu FribidiDebian Debian Linux 10.0Debian Debian Linux 8.0Debian Debian Linux 9.0
6.8
CVSSv2
CVE-2011-0064
The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote malicious users to cause a denial of service (NULL pointer dereference and application crash) or ...
Gnome Pango 1.28.3Mozilla Firefox
6.8
CVSSv2
CVE-2009-1194
Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango prior to 1.24 allows context-dependent malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-bas...
Pango Pango 1.6Pango Pango 1.14Pango Pango 1.16Pango Pango 1.8Pango Pango 1.4Pango PangoPango Pango 1.10Pango Pango 1.2Pango Pango 1.18Pango Pango 1.12Pango Pango 1.20
6.4
CVSSv2
CVE-2005-0966
The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions, allows (1) remote malicious users to inject arbitrary Gaim markup via irc_msg_kick, irc_msg_mode, irc_msg_part, irc_msg_quit, (2) remote malicious users to inject arbitrary Pango markup and pop up empty dialog ...
Rob Flynn Gaim 1.2.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120CVE-2024-35921CVE-2024-35874brute forceCVE-2024-36080unprivilegedCVE-2024-35917IDORCVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook