Search for packages
Package details: pkg:deb/debian/pango1.0@1.14.8-5
purl pkg:deb/debian/pango1.0@1.14.8-5
Next non-vulnerable version 1.42.4-8~deb10u1
Latest non-vulnerable version 1.42.4-8~deb10u1
Risk 10.0
Vulnerabilities affecting this package (7)
Vulnerability Summary Fixed by
VCID-2rvv-c4rf-aaan
Aliases:
CVE-2009-1194
Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow, as demonstrated by a long document.location value in Firefox.
1.28.3-1+squeeze2
Affected by 3 other vulnerabilities.
VCID-a63q-zczs-aaap
Aliases:
CVE-2011-0064
The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index.
1.30.0-1
Affected by 2 other vulnerabilities.
VCID-aptq-9f59-aaad
Aliases:
CVE-2018-15120
libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences.
1.42.4-8~deb10u1
Affected by 0 other vulnerabilities.
VCID-evn6-11f3-aaad
Aliases:
CVE-2011-3193
Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
1.28.3-1+squeeze2
Affected by 3 other vulnerabilities.
VCID-fkt4-97ej-aaar
Aliases:
CVE-2010-0421
Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted font file, related to building a synthetic Glyph Definition (aka GDEF) table by using this font's charmap and the Unicode property database.
1.28.3-1+squeeze2
Affected by 3 other vulnerabilities.
VCID-n7rw-hr3g-aaap
Aliases:
CVE-2019-1010238
Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize.
1.42.4-8~deb10u1
Affected by 0 other vulnerabilities.
VCID-sdzx-zz7k-aaas
Aliases:
CVE-2011-0020
Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object.
1.28.3-1+squeeze2
Affected by 3 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-21T18:02:49.941030+00:00 Debian Oval Importer Affected by VCID-aptq-9f59-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T16:58:37.941985+00:00 Debian Oval Importer Affected by VCID-a63q-zczs-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T15:52:29.419814+00:00 Debian Oval Importer Affected by VCID-fkt4-97ej-aaar https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T15:24:52.577581+00:00 Debian Oval Importer Affected by VCID-evn6-11f3-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T15:03:24.329836+00:00 Debian Oval Importer Affected by VCID-sdzx-zz7k-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:01:57.820134+00:00 Debian Oval Importer Affected by VCID-2rvv-c4rf-aaan https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T12:14:03.301337+00:00 Debian Oval Importer Affected by VCID-n7rw-hr3g-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T01:09:48.014618+00:00 Debian Oval Importer Affected by VCID-a63q-zczs-aaap None 36.1.3
2025-06-20T23:31:05.865892+00:00 Debian Oval Importer Affected by VCID-aptq-9f59-aaad None 36.1.3
2025-06-20T22:55:02.651274+00:00 Debian Oval Importer Affected by VCID-fkt4-97ej-aaar None 36.1.3
2025-06-20T22:35:34.180540+00:00 Debian Oval Importer Affected by VCID-evn6-11f3-aaad None 36.1.3
2025-06-20T22:09:25.846189+00:00 Debian Oval Importer Affected by VCID-n7rw-hr3g-aaap None 36.1.3
2025-06-20T20:59:44.993796+00:00 Debian Oval Importer Affected by VCID-2rvv-c4rf-aaan None 36.1.3
2025-06-20T20:49:19.341105+00:00 Debian Oval Importer Affected by VCID-sdzx-zz7k-aaas None 36.1.3
2025-06-08T11:50:40.173779+00:00 Debian Oval Importer Affected by VCID-fkt4-97ej-aaar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T10:34:30.752735+00:00 Debian Oval Importer Affected by VCID-aptq-9f59-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T09:43:42.808487+00:00 Debian Oval Importer Affected by VCID-a63q-zczs-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T08:45:50.336584+00:00 Debian Oval Importer Affected by VCID-fkt4-97ej-aaar https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T08:19:24.789020+00:00 Debian Oval Importer Affected by VCID-evn6-11f3-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T07:56:47.091857+00:00 Debian Oval Importer Affected by VCID-sdzx-zz7k-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T05:56:53.074902+00:00 Debian Oval Importer Affected by VCID-2rvv-c4rf-aaan https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T05:19:03.563858+00:00 Debian Oval Importer Affected by VCID-n7rw-hr3g-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-07T18:32:27.409583+00:00 Debian Oval Importer Affected by VCID-a63q-zczs-aaap None 36.1.0
2025-06-07T16:54:00.952989+00:00 Debian Oval Importer Affected by VCID-aptq-9f59-aaad None 36.1.0
2025-06-07T16:18:19.395942+00:00 Debian Oval Importer Affected by VCID-fkt4-97ej-aaar None 36.1.0
2025-06-07T15:59:33.576555+00:00 Debian Oval Importer Affected by VCID-evn6-11f3-aaad None 36.1.0
2025-06-07T15:33:25.587047+00:00 Debian Oval Importer Affected by VCID-n7rw-hr3g-aaap None 36.1.0
2025-06-07T14:26:57.416985+00:00 Debian Oval Importer Affected by VCID-2rvv-c4rf-aaan None 36.1.0
2025-06-07T14:20:51.011187+00:00 Debian Oval Importer Affected by VCID-sdzx-zz7k-aaas None 36.1.0
2025-04-12T21:55:15.135101+00:00 Debian Oval Importer Affected by VCID-a63q-zczs-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T20:59:29.912222+00:00 Debian Oval Importer Affected by VCID-evn6-11f3-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T20:46:22.745962+00:00 Debian Oval Importer Affected by VCID-2rvv-c4rf-aaan https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T20:16:55.083592+00:00 Debian Oval Importer Affected by VCID-sdzx-zz7k-aaas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T19:25:43.319677+00:00 Debian Oval Importer Affected by VCID-aptq-9f59-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T19:22:04.947320+00:00 Debian Oval Importer Affected by VCID-n7rw-hr3g-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:35:41.367549+00:00 Debian Oval Importer Affected by VCID-fkt4-97ej-aaar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T16:15:55.062366+00:00 Debian Oval Importer Affected by VCID-aptq-9f59-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T08:16:05.377213+00:00 Debian Oval Importer Affected by VCID-a63q-zczs-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T07:17:21.320918+00:00 Debian Oval Importer Affected by VCID-fkt4-97ej-aaar https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T06:50:46.385787+00:00 Debian Oval Importer Affected by VCID-evn6-11f3-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T06:29:13.299597+00:00 Debian Oval Importer Affected by VCID-sdzx-zz7k-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T04:28:45.014777+00:00 Debian Oval Importer Affected by VCID-2rvv-c4rf-aaan https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T03:50:07.058435+00:00 Debian Oval Importer Affected by VCID-n7rw-hr3g-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-07T17:10:07.659625+00:00 Debian Oval Importer Affected by VCID-a63q-zczs-aaap None 36.0.0
2025-04-07T15:26:58.272161+00:00 Debian Oval Importer Affected by VCID-aptq-9f59-aaad None 36.0.0
2025-04-07T14:49:56.740821+00:00 Debian Oval Importer Affected by VCID-fkt4-97ej-aaar None 36.0.0
2025-04-07T14:30:39.829936+00:00 Debian Oval Importer Affected by VCID-evn6-11f3-aaad None 36.0.0
2025-04-07T14:04:23.631525+00:00 Debian Oval Importer Affected by VCID-n7rw-hr3g-aaap None 36.0.0
2025-04-07T12:59:16.476884+00:00 Debian Oval Importer Affected by VCID-2rvv-c4rf-aaan None 36.0.0
2025-04-07T12:53:34.028406+00:00 Debian Oval Importer Affected by VCID-sdzx-zz7k-aaas None 36.0.0
2024-11-28T11:10:10.584376+00:00 Debian Oval Importer Affected by VCID-evn6-11f3-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-11-28T02:06:08.934673+00:00 Debian Oval Importer Affected by VCID-a63q-zczs-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-11-28T02:00:36.931806+00:00 Debian Oval Importer Affected by VCID-sdzx-zz7k-aaas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-11-27T14:19:28.499277+00:00 Debian Oval Importer Affected by VCID-fkt4-97ej-aaar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-11-27T02:50:51.384594+00:00 Debian Oval Importer Affected by VCID-2rvv-c4rf-aaan https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-10-13T22:45:36.857706+00:00 Debian Oval Importer Affected by VCID-evn6-11f3-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-10-13T16:25:04.521962+00:00 Debian Oval Importer Affected by VCID-a63q-zczs-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-10-13T16:20:45.772610+00:00 Debian Oval Importer Affected by VCID-sdzx-zz7k-aaas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-10-13T08:26:15.102581+00:00 Debian Oval Importer Affected by VCID-fkt4-97ej-aaar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-10-13T00:29:30.641054+00:00 Debian Oval Importer Affected by VCID-2rvv-c4rf-aaan https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-09-21T03:37:35.826449+00:00 Debian Oval Importer Affected by VCID-evn6-11f3-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1
2024-09-21T00:58:09.489685+00:00 Debian Oval Importer Affected by VCID-a63q-zczs-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1
2024-09-21T00:56:41.382764+00:00 Debian Oval Importer Affected by VCID-sdzx-zz7k-aaas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1
2024-09-20T21:41:44.651884+00:00 Debian Oval Importer Affected by VCID-fkt4-97ej-aaar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1
2024-09-20T18:48:24.701346+00:00 Debian Oval Importer Affected by VCID-2rvv-c4rf-aaan https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1