CVE-2011-0020

NameCVE-2011-0020
DescriptionHeap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs610792

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
pango1.0 (PTS)buster1.42.4-8~deb10u1fixed
buster (security)1.42.4-7~deb10u1fixed
bullseye1.46.2-3fixed
bookworm1.50.12+ds-1fixed
trixie1.52.0+ds-1fixed
sid1.52.1+ds-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
pango1.0source(unstable)1.28.3-1+squeeze1610792

Search for package or bug name: Reporting problems