Search for packages
Package details: pkg:deb/debian/pango1.0@1.14.8-5%2Betch1
purl pkg:deb/debian/pango1.0@1.14.8-5%2Betch1
Next non-vulnerable version 1.42.4-8~deb10u1
Latest non-vulnerable version 1.42.4-8~deb10u1
Risk 10.0
Vulnerabilities affecting this package (7)
Vulnerability Summary Fixed by
VCID-2rvv-c4rf-aaan
Aliases:
CVE-2009-1194
Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow, as demonstrated by a long document.location value in Firefox.
1.28.3-1+squeeze2
Affected by 3 other vulnerabilities.
VCID-a63q-zczs-aaap
Aliases:
CVE-2011-0064
The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index.
1.30.0-1
Affected by 2 other vulnerabilities.
VCID-aptq-9f59-aaad
Aliases:
CVE-2018-15120
libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences.
1.42.4-8~deb10u1
Affected by 0 other vulnerabilities.
VCID-evn6-11f3-aaad
Aliases:
CVE-2011-3193
Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
1.28.3-1+squeeze2
Affected by 3 other vulnerabilities.
VCID-fkt4-97ej-aaar
Aliases:
CVE-2010-0421
Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted font file, related to building a synthetic Glyph Definition (aka GDEF) table by using this font's charmap and the Unicode property database.
1.28.3-1+squeeze2
Affected by 3 other vulnerabilities.
VCID-n7rw-hr3g-aaap
Aliases:
CVE-2019-1010238
Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize.
1.42.4-8~deb10u1
Affected by 0 other vulnerabilities.
VCID-sdzx-zz7k-aaas
Aliases:
CVE-2011-0020
Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object.
1.28.3-1+squeeze2
Affected by 3 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-21T18:02:49.943079+00:00 Debian Oval Importer Affected by VCID-aptq-9f59-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T16:58:37.943561+00:00 Debian Oval Importer Affected by VCID-a63q-zczs-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T15:52:29.422119+00:00 Debian Oval Importer Affected by VCID-fkt4-97ej-aaar https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T15:24:52.579942+00:00 Debian Oval Importer Affected by VCID-evn6-11f3-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T15:03:24.331816+00:00 Debian Oval Importer Affected by VCID-sdzx-zz7k-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:01:57.822369+00:00 Debian Oval Importer Affected by VCID-2rvv-c4rf-aaan https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T12:14:03.303569+00:00 Debian Oval Importer Affected by VCID-n7rw-hr3g-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T01:09:48.016693+00:00 Debian Oval Importer Affected by VCID-a63q-zczs-aaap None 36.1.3
2025-06-20T23:31:05.867715+00:00 Debian Oval Importer Affected by VCID-aptq-9f59-aaad None 36.1.3
2025-06-20T22:55:02.654116+00:00 Debian Oval Importer Affected by VCID-fkt4-97ej-aaar None 36.1.3
2025-06-20T22:35:34.182533+00:00 Debian Oval Importer Affected by VCID-evn6-11f3-aaad None 36.1.3
2025-06-20T22:09:25.848325+00:00 Debian Oval Importer Affected by VCID-n7rw-hr3g-aaap None 36.1.3
2025-06-20T20:59:44.995357+00:00 Debian Oval Importer Affected by VCID-2rvv-c4rf-aaan None 36.1.3
2025-06-20T20:49:19.342640+00:00 Debian Oval Importer Affected by VCID-sdzx-zz7k-aaas None 36.1.3
2025-06-08T11:50:40.175291+00:00 Debian Oval Importer Affected by VCID-fkt4-97ej-aaar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T10:34:30.754530+00:00 Debian Oval Importer Affected by VCID-aptq-9f59-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T09:43:42.810293+00:00 Debian Oval Importer Affected by VCID-a63q-zczs-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T08:45:50.338383+00:00 Debian Oval Importer Affected by VCID-fkt4-97ej-aaar https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T08:19:24.790571+00:00 Debian Oval Importer Affected by VCID-evn6-11f3-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T07:56:47.093358+00:00 Debian Oval Importer Affected by VCID-sdzx-zz7k-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T05:56:53.076439+00:00 Debian Oval Importer Affected by VCID-2rvv-c4rf-aaan https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T05:19:03.566012+00:00 Debian Oval Importer Affected by VCID-n7rw-hr3g-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-07T18:32:27.411384+00:00 Debian Oval Importer Affected by VCID-a63q-zczs-aaap None 36.1.0
2025-06-07T16:54:00.954563+00:00 Debian Oval Importer Affected by VCID-aptq-9f59-aaad None 36.1.0
2025-06-07T16:18:19.397529+00:00 Debian Oval Importer Affected by VCID-fkt4-97ej-aaar None 36.1.0
2025-06-07T15:59:33.578088+00:00 Debian Oval Importer Affected by VCID-evn6-11f3-aaad None 36.1.0
2025-06-07T15:33:25.588613+00:00 Debian Oval Importer Affected by VCID-n7rw-hr3g-aaap None 36.1.0
2025-06-07T14:26:57.418530+00:00 Debian Oval Importer Affected by VCID-2rvv-c4rf-aaan None 36.1.0
2025-06-07T14:20:51.012719+00:00 Debian Oval Importer Affected by VCID-sdzx-zz7k-aaas None 36.1.0
2025-04-12T21:55:15.140482+00:00 Debian Oval Importer Affected by VCID-a63q-zczs-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T20:59:29.917199+00:00 Debian Oval Importer Affected by VCID-evn6-11f3-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T20:46:22.750882+00:00 Debian Oval Importer Affected by VCID-2rvv-c4rf-aaan https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T20:16:55.088924+00:00 Debian Oval Importer Affected by VCID-sdzx-zz7k-aaas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T19:25:43.324678+00:00 Debian Oval Importer Affected by VCID-aptq-9f59-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T19:22:04.952255+00:00 Debian Oval Importer Affected by VCID-n7rw-hr3g-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:35:41.372435+00:00 Debian Oval Importer Affected by VCID-fkt4-97ej-aaar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T16:15:55.067281+00:00 Debian Oval Importer Affected by VCID-aptq-9f59-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T08:16:05.382851+00:00 Debian Oval Importer Affected by VCID-a63q-zczs-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T07:17:21.326190+00:00 Debian Oval Importer Affected by VCID-fkt4-97ej-aaar https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T06:50:46.390810+00:00 Debian Oval Importer Affected by VCID-evn6-11f3-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T06:29:13.304619+00:00 Debian Oval Importer Affected by VCID-sdzx-zz7k-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T04:28:45.019615+00:00 Debian Oval Importer Affected by VCID-2rvv-c4rf-aaan https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T03:50:07.063370+00:00 Debian Oval Importer Affected by VCID-n7rw-hr3g-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-07T17:10:07.665817+00:00 Debian Oval Importer Affected by VCID-a63q-zczs-aaap None 36.0.0
2025-04-07T15:26:58.277489+00:00 Debian Oval Importer Affected by VCID-aptq-9f59-aaad None 36.0.0
2025-04-07T14:49:56.745823+00:00 Debian Oval Importer Affected by VCID-fkt4-97ej-aaar None 36.0.0
2025-04-07T14:30:39.834918+00:00 Debian Oval Importer Affected by VCID-evn6-11f3-aaad None 36.0.0
2025-04-07T14:04:23.636922+00:00 Debian Oval Importer Affected by VCID-n7rw-hr3g-aaap None 36.0.0
2025-04-07T12:59:16.482085+00:00 Debian Oval Importer Affected by VCID-2rvv-c4rf-aaan None 36.0.0
2025-04-07T12:53:34.033704+00:00 Debian Oval Importer Affected by VCID-sdzx-zz7k-aaas None 36.0.0
2024-11-28T11:10:10.589233+00:00 Debian Oval Importer Affected by VCID-evn6-11f3-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-11-28T02:06:08.939946+00:00 Debian Oval Importer Affected by VCID-a63q-zczs-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-11-28T02:00:36.937445+00:00 Debian Oval Importer Affected by VCID-sdzx-zz7k-aaas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-11-27T14:19:28.504297+00:00 Debian Oval Importer Affected by VCID-fkt4-97ej-aaar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-11-27T02:50:51.389428+00:00 Debian Oval Importer Affected by VCID-2rvv-c4rf-aaan https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-10-13T22:45:36.862333+00:00 Debian Oval Importer Affected by VCID-evn6-11f3-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-10-13T16:25:04.526875+00:00 Debian Oval Importer Affected by VCID-a63q-zczs-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-10-13T16:20:45.777779+00:00 Debian Oval Importer Affected by VCID-sdzx-zz7k-aaas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-10-13T08:26:15.107333+00:00 Debian Oval Importer Affected by VCID-fkt4-97ej-aaar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-10-13T00:29:30.645831+00:00 Debian Oval Importer Affected by VCID-2rvv-c4rf-aaan https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-09-21T03:37:35.831805+00:00 Debian Oval Importer Affected by VCID-evn6-11f3-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1
2024-09-21T00:58:09.494890+00:00 Debian Oval Importer Affected by VCID-a63q-zczs-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1
2024-09-21T00:56:41.388071+00:00 Debian Oval Importer Affected by VCID-sdzx-zz7k-aaas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1
2024-09-20T21:41:44.657236+00:00 Debian Oval Importer Affected by VCID-fkt4-97ej-aaar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1
2024-09-20T18:48:24.707609+00:00 Debian Oval Importer Affected by VCID-2rvv-c4rf-aaan https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1