Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-j9wd-5mav-47cx
Vulnerability ID VCID-j9wd-5mav-47cx
Aliases CVE-2019-1010238
Summary A buffer overflow in Pango might allow an attacker to execute arbitrary code.
Status Published
Exploitability 0.5
Weighted Severity 8.8
Risk 4.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
System Score Found at
cvssv3 9.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1010238.json
epss 0.03754 https://api.first.org/data/v1/epss?cve=CVE-2019-1010238
epss 0.03754 https://api.first.org/data/v1/epss?cve=CVE-2019-1010238
epss 0.03754 https://api.first.org/data/v1/epss?cve=CVE-2019-1010238
epss 0.03754 https://api.first.org/data/v1/epss?cve=CVE-2019-1010238
epss 0.04532 https://api.first.org/data/v1/epss?cve=CVE-2019-1010238
epss 0.04532 https://api.first.org/data/v1/epss?cve=CVE-2019-1010238
epss 0.04532 https://api.first.org/data/v1/epss?cve=CVE-2019-1010238
epss 0.04532 https://api.first.org/data/v1/epss?cve=CVE-2019-1010238
epss 0.04532 https://api.first.org/data/v1/epss?cve=CVE-2019-1010238
epss 0.04532 https://api.first.org/data/v1/epss?cve=CVE-2019-1010238
epss 0.04532 https://api.first.org/data/v1/epss?cve=CVE-2019-1010238
epss 0.04532 https://api.first.org/data/v1/epss?cve=CVE-2019-1010238
epss 0.04532 https://api.first.org/data/v1/epss?cve=CVE-2019-1010238
epss 0.04532 https://api.first.org/data/v1/epss?cve=CVE-2019-1010238
cvssv3 7.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1010238.json
https://api.first.org/data/v1/epss?cve=CVE-2019-1010238
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010238
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1737785 https://bugzilla.redhat.com/show_bug.cgi?id=1737785
933860 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933860
GLSA-201909-03 https://security.gentoo.org/glsa/201909-03
RHSA-2019:2571 https://access.redhat.com/errata/RHSA-2019:2571
RHSA-2019:2582 https://access.redhat.com/errata/RHSA-2019:2582
RHSA-2019:3234 https://access.redhat.com/errata/RHSA-2019:3234
USN-4081-1 https://usn.ubuntu.com/4081-1/
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1010238.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.88045
EPSS Score 0.03754
Published At April 21, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:02:49.096146+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/201909-03 38.0.0