CVE-2019-18397

Published: 13/11/2019 Updated: 07/11/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

A buffer overflow in the fribidi_get_par_embedding_levels_ex() function in lib/fribidi-bidi.c of GNU FriBidi up to and including 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user, when this content is then rendered by an application that uses FriBidi for text layout calculations. Examples include any GNOME or GTK+ based application that uses Pango for text layout, as Pango internally uses FriBidi for bidirectional text layout. For example, the attacker can construct a crafted text file to be opened in GEdit, or a crafted IRC message to be viewed in HexChat.

Vulnerable Products

GNU FriBidi

Debian Linux 10.0

Debian Linux 8.0

Debian Linux 9.0

Vendor Advisories

Debian Bug report logs - #944327 fribidi: CVE-2019-18397. Package: src:fribidi; Maintainer for src:fribidi is Debian Hebrew Packaging Team <team+hebrew@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 7 Nov 2019 23:51:02 UTC; Severity: grave; Tags: patch, pending, security, upstream ...
Applications using FriBidi could be made to crash or run programs as your login if it displayed specially crafted text ...
Alex Murray discovered a stack-based buffer overflow vulnerability in fribidi, an implementation of the Unicode Bidirectional Algorithm, which could result in denial of service or potentially the execution of arbitrary code when processing a large number of Unicode isolate directional characters. For the stable distribution (buster), thi ...
Synopsis: Important: fribidi security update. Type/Severity: Security Advisory: Important. Topic: An update for fribidi is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, ...
Synopsis: Important: fribidi security update. Type/Severity: Security Advisory: Important. Topic: An update for fribidi is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabili ...
Synopsis: Important: fribidi security update. Type/Severity: Security Advisory: Important. Topic: An update for fribidi is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, ...
Synopsis: Moderate: Red Hat CodeReady Workspaces 2.1.0 release. Type/Severity: Security Advisory: Moderate. Topic: Red Hat CodeReady Workspaces 2.1.0 has been released. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, ...

Mailing Lists

oss-sec mailing list archives: CVE-2019-18397 - Stack buffer overflow in GNU FriBidi >= 1.0.0 ...