CVE-2011-0064

NameCVE-2011-0064
DescriptionThe hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index.
SourceCVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
ReferencesDSA-2178-1
NVD severitymedium (attack range: remote, user-initiated)
Debian/oldoldstablenot vulnerable.
Debian/oldstablenot vulnerable.
Debian/stablenot vulnerable.
Debian/testingnot vulnerable.
Debian/unstablenot vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
pango1.0 (PTS)squeeze, squeeze (security)1.28.3-1+squeeze2fixed
wheezy1.30.0-1fixed
jessie, stretch, sid1.36.8-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
pango1.0source(unstable)1.28.3-2~sid1medium
pango1.0sourcelenny(not affected)
pango1.0sourcesqueeze1.28.3-1+squeeze2mediumDSA-2178-1
pango1.0sourcewheezy1.28.3-1+squeeze2medium

Notes

[lenny] - pango1.0 <not-affected> (introduced in code cleanup)

Search for package or bug name: Reporting problems