VulnerableCode Package Details - pkg:deb/debian/pango1.0@1.30.0-1

Search for packages

Vulnerability	Summary	Fixed by
VCID-aptq-9f59-aaad Aliases: CVE-2018-15120	libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences.	1.42.4-8~deb10u1 Affected by 0 other vulnerabilities.
VCID-n7rw-hr3g-aaap Aliases: CVE-2019-1010238	Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize.	1.42.4-8~deb10u1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-aptq-9f59-aaad
Aliases:
CVE-2018-15120

libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences.

1.42.4-8~deb10u1
Affected by 0 other vulnerabilities.

VCID-n7rw-hr3g-aaap
Aliases:
CVE-2019-1010238

Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize.

1.42.4-8~deb10u1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-a63q-zczs-aaap	The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index.	CVE-2011-0064

Vulnerability

Summary

Aliases

VCID-a63q-zczs-aaap

The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index.

CVE-2011-0064

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-21T18:02:49.949597+00:00	Debian Oval Importer	Affected by	VCID-aptq-9f59-aaad	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T16:58:37.948225+00:00	Debian Oval Importer	Fixing	VCID-a63q-zczs-aaap	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T12:14:03.309932+00:00	Debian Oval Importer	Affected by	VCID-n7rw-hr3g-aaap	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T01:09:48.023072+00:00	Debian Oval Importer	Fixing	VCID-a63q-zczs-aaap	None	36.1.3
2025-06-20T23:31:05.873166+00:00	Debian Oval Importer	Affected by	VCID-aptq-9f59-aaad	None	36.1.3
2025-06-20T22:09:25.854819+00:00	Debian Oval Importer	Affected by	VCID-n7rw-hr3g-aaap	None	36.1.3
2025-06-08T10:34:30.759876+00:00	Debian Oval Importer	Affected by	VCID-aptq-9f59-aaad	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T09:43:42.816192+00:00	Debian Oval Importer	Fixing	VCID-a63q-zczs-aaap	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T05:19:03.570672+00:00	Debian Oval Importer	Affected by	VCID-n7rw-hr3g-aaap	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-07T18:32:27.416863+00:00	Debian Oval Importer	Fixing	VCID-a63q-zczs-aaap	None	36.1.0
2025-06-07T16:54:00.959077+00:00	Debian Oval Importer	Affected by	VCID-aptq-9f59-aaad	None	36.1.0
2025-06-07T15:33:25.593120+00:00	Debian Oval Importer	Affected by	VCID-n7rw-hr3g-aaap	None	36.1.0
2025-04-12T21:55:15.155581+00:00	Debian Oval Importer	Fixing	VCID-a63q-zczs-aaap	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T19:25:43.340066+00:00	Debian Oval Importer	Affected by	VCID-aptq-9f59-aaad	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T19:22:04.967629+00:00	Debian Oval Importer	Affected by	VCID-n7rw-hr3g-aaap	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T16:15:55.081933+00:00	Debian Oval Importer	Affected by	VCID-aptq-9f59-aaad	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T08:16:05.400061+00:00	Debian Oval Importer	Fixing	VCID-a63q-zczs-aaap	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T03:50:07.078079+00:00	Debian Oval Importer	Affected by	VCID-n7rw-hr3g-aaap	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-07T17:10:07.680911+00:00	Debian Oval Importer	Fixing	VCID-a63q-zczs-aaap	None	36.0.0
2025-04-07T15:26:58.293852+00:00	Debian Oval Importer	Affected by	VCID-aptq-9f59-aaad	None	36.0.0
2025-04-07T14:04:23.653320+00:00	Debian Oval Importer	Affected by	VCID-n7rw-hr3g-aaap	None	36.0.0
2024-11-28T02:06:08.954784+00:00	Debian Oval Importer	Fixing	VCID-a63q-zczs-aaap	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	35.0.0
2024-10-13T16:25:04.541100+00:00	Debian Oval Importer	Fixing	VCID-a63q-zczs-aaap	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	34.0.2
2024-09-21T00:58:09.511740+00:00	Debian Oval Importer	Fixing	VCID-a63q-zczs-aaap	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	34.0.1