CVE-2010-3444

Name: CVE-2010-3444
Description: Buffer overflow in the log2vis_utf8 function in pyfribidi.c, as shipped in PyFriBidi 0.10.1 and built against GNU FriBidi 0.19.1, 0.19.2, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Arabic UTF-8 string. Shaping transforms the original 2-byte UTF-8 sequences into 3-byte sequences, so the output is longer than the input it was derived from and an output buffer sized from the input length is overrun.
Source: CVE (cross-references: NVD, CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues)
Debian Bugs: 570068
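The sizing mistake the description refers to, shown as an added example rather than code from PyFriBidi or FriBidi: a transform that can widen a 2-byte UTF-8 sequence to 3 bytes must not be written into a buffer sized from the input byte count. The shaping here is a stand-in (an assumption, not FriBidi's context-dependent algorithm) that maps only ALEF and BEH to their isolated presentation forms; the sample input is constructed. `shape_to_utf8_checked` refuses to write past the caller's capacity, and `safe_capacity` gives the bound a caller should allocate.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample input (not from the advisory): the Arabic letters
 * ALEF (U+0627) and BEH (U+0628), each a 2-byte UTF-8 sequence. */
static const unsigned char SAMPLE_IN[] = { 0xD8, 0xA7, 0xD8, 0xA8 };
#define SAMPLE_IN_LEN (sizeof SAMPLE_IN)

/* Decode one UTF-8 sequence (1..4 bytes). Returns bytes consumed, or 0 on
 * a truncated or malformed sequence. */
static size_t utf8_decode(const unsigned char *s, size_t n, uint32_t *cp)
{
    size_t need, i;
    if (n == 0) return 0;
    if (s[0] < 0x80) { *cp = s[0]; return 1; }
    if ((s[0] & 0xE0) == 0xC0)      { *cp = s[0] & 0x1F; need = 1; }
    else if ((s[0] & 0xF0) == 0xE0) { *cp = s[0] & 0x0F; need = 2; }
    else if ((s[0] & 0xF8) == 0xF0) { *cp = s[0] & 0x07; need = 3; }
    else return 0;
    if (n < need + 1) return 0;
    for (i = 1; i <= need; i++) {
        if ((s[i] & 0xC0) != 0x80) return 0;
        *cp = (*cp << 6) | (s[i] & 0x3F);
    }
    return need + 1;
}

/* Encode one code point as UTF-8; returns bytes written (1..4). */
static size_t utf8_encode(uint32_t cp, unsigned char out[4])
{
    if (cp < 0x80)  { out[0] = (unsigned char)cp; return 1; }
    if (cp < 0x800) { out[0] = (unsigned char)(0xC0 | (cp >> 6));
                      out[1] = (unsigned char)(0x80 | (cp & 0x3F)); return 2; }
    if (cp < 0x10000) {
        out[0] = (unsigned char)(0xE0 | (cp >> 12));
        out[1] = (unsigned char)(0x80 | ((cp >> 6) & 0x3F));
        out[2] = (unsigned char)(0x80 | (cp & 0x3F)); return 3;
    }
    out[0] = (unsigned char)(0xF0 | (cp >> 18));
    out[1] = (unsigned char)(0x80 | ((cp >> 12) & 0x3F));
    out[2] = (unsigned char)(0x80 | ((cp >> 6) & 0x3F));
    out[3] = (unsigned char)(0x80 | (cp & 0x3F));
    return 4;
}

/* Stand-in for Arabic shaping (assumption; FriBidi's real algorithm is
 * context dependent): ALEF and BEH become their isolated presentation forms
 * U+FE8D and U+FE8F, which need 3 UTF-8 bytes instead of 2. */
static uint32_t shape_stub(uint32_t cp)
{
    switch (cp) {
    case 0x0627: return 0xFE8D;
    case 0x0628: return 0xFE8F;
    default:     return cp;
    }
}

/* Code points in `in`, or 0 if it is empty or malformed. */
size_t count_codepoints(const unsigned char *in, size_t in_len)
{
    size_t ip = 0, n = 0;
    uint32_t cp;
    while (ip < in_len) {
        size_t used = utf8_decode(in + ip, in_len - ip, &cp);
        if (used == 0) return 0;
        ip += used; n++;
    }
    return n;
}

/* Capacity that is always enough: 4 bytes per code point plus the NUL.
 * This is what to allocate when a transform may widen sequences. */
size_t safe_capacity(size_t n_codepoints) { return n_codepoints * 4 + 1; }

/* Shape `in` into `out`, checking bounds before every write. Returns bytes
 * written (excluding the NUL), or -1 on malformed input or when `cap` is
 * too small. With cap == in_len + 1 (the assumption behind the CVE) the
 * sample input fails here instead of overrunning the buffer. */
long shape_to_utf8_checked(const unsigned char *in, size_t in_len,
                           unsigned char *out, size_t cap)
{
    size_t ip = 0, op = 0;
    if (cap == 0) return -1;
    while (ip < in_len) {
        uint32_t cp; unsigned char enc[4]; size_t w;
        size_t used = utf8_decode(in + ip, in_len - ip, &cp);
        if (used == 0) return -1;
        ip += used;
        w = utf8_encode(shape_stub(cp), enc);
        if (cap - op <= w) return -1;        /* leave room for the NUL */
        memcpy(out + op, enc, w);
        op += w;
    }
    out[op] = '\0';
    return (long)op;
}

int main(void)
{
    unsigned char small[SAMPLE_IN_LEN + 1];    /* sized from input bytes */
    unsigned char big[4 * SAMPLE_IN_LEN + 1];  /* >= safe_capacity(2) */
    printf("input-sized buffer: %ld\n",
           shape_to_utf8_checked(SAMPLE_IN, SAMPLE_IN_LEN, small, sizeof small));
    printf("safe-sized buffer : %ld bytes written\n",
           shape_to_utf8_checked(SAMPLE_IN, SAMPLE_IN_LEN, big, sizeof big));
    return 0;
}
```

The 4-byte input shapes to 6 bytes, so the input-sized buffer (5 bytes including the terminator) is rejected with -1, while a buffer of `safe_capacity(count_codepoints(...))` bytes accepts it. The general rule is the same for any encoding-changing transform: size the output from the worst-case width of the output code points, or convert first and allocate afterwards, never from the input byte length.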

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package     Release        Version             Status
pyfribidi (PTS)    buster         0.11.0+repack-3     fixed
                   bullseye       0.12.0+repack-7     fixed
                   bookworm       0.12.0+repack-9     fixed
                   sid, trixie    0.12.0+repack-10    fixed

The information below is based on the following data on fixed versions.

Package      Type      Release       Fixed Version     Urgency    Origin    Debian Bugs
pyfribidi    source    lenny         (not affected)
pyfribidi    source    (unstable)    0.10.0-2                               570068

Notes

[lenny] - pyfribidi <not-affected> (fribidi 0.19.1 or higher needs to be installed to trigger this)
