FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
456375e1-cd09-11ea-9172-4c72b94353b5pango -- buffer overflow

Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize.


Discovery 2019-07-19
Entry 2020-07-23
Modified 2020-09-26
pango
< 1.42.4_5

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010238
https://nvd.nist.gov/vuln/detail/CVE-2019-1010238
CVE-2019-1010238
5a757a31-f98e-4bd4-8a85-f1c0f3409769pango -- remote DoS vulnerability

libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences.


Discovery 2018-08-06
Entry 2018-10-01
pango
< 1.42.4

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15120
https://www.exploit-db.com/exploits/45263/
https://mail.gnome.org/archives/distributor-list/2018-August/msg00001.html
https://github.com/GNOME/pango/commit/71aaeaf020340412b8d012fe23a556c0420eda5f
CVE-2018-15120
4b172278-3f46-11de-becb-001cc0377035pango -- integer overflow

oCERT reports:

Pango suffers from a multiplicative integer overflow which may lead to a potentially exploitable, heap overflow depending on the calling conditions.

For example, this vulnerability is remotely reachable in Firefox by creating an overly large document.location value but only results in a process-terminating, allocation error (denial of service).

The affected function is pango_glyph_string_set_size. An overflow check when doubling the size neglects the overflow possible on the subsequent allocation.


Discovery 2009-02-22
Entry 2009-05-13
Modified 2009-10-01
pango
linux-pango
linux-f8-pango
linux-f10-pango
< 1.24

34870
CVE-2009-1194
http://secunia.com/advisories/35021/