Search for packages
Package details: pkg:deb/debian/pango1.0@1.20.5-6
purl pkg:deb/debian/pango1.0@1.20.5-6
Next non-vulnerable version 1.42.4-8~deb10u1
Latest non-vulnerable version 1.42.4-8~deb10u1
Risk 10.0
Vulnerabilities affecting this package (7)
Vulnerability Summary Fixed by
VCID-2rvv-c4rf-aaan
Aliases:
CVE-2009-1194
Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow, as demonstrated by a long document.location value in Firefox.
1.28.3-1+squeeze2
Affected by 3 other vulnerabilities.
VCID-a63q-zczs-aaap
Aliases:
CVE-2011-0064
The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index.
1.30.0-1
Affected by 2 other vulnerabilities.
VCID-aptq-9f59-aaad
Aliases:
CVE-2018-15120
libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences.
1.42.4-8~deb10u1
Affected by 0 other vulnerabilities.
VCID-evn6-11f3-aaad
Aliases:
CVE-2011-3193
Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
1.28.3-1+squeeze2
Affected by 3 other vulnerabilities.
VCID-fkt4-97ej-aaar
Aliases:
CVE-2010-0421
Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted font file, related to building a synthetic Glyph Definition (aka GDEF) table by using this font's charmap and the Unicode property database.
1.28.3-1+squeeze2
Affected by 3 other vulnerabilities.
VCID-n7rw-hr3g-aaap
Aliases:
CVE-2019-1010238
Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize.
1.42.4-8~deb10u1
Affected by 0 other vulnerabilities.
VCID-sdzx-zz7k-aaas
Aliases:
CVE-2011-0020
Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object.
1.28.3-1+squeeze2
Affected by 3 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-21T18:02:49.945087+00:00 Debian Oval Importer Affected by VCID-aptq-9f59-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T16:58:37.945110+00:00 Debian Oval Importer Affected by VCID-a63q-zczs-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T15:52:29.424442+00:00 Debian Oval Importer Affected by VCID-fkt4-97ej-aaar https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T15:24:52.582172+00:00 Debian Oval Importer Affected by VCID-evn6-11f3-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T15:03:24.333765+00:00 Debian Oval Importer Affected by VCID-sdzx-zz7k-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:01:57.824614+00:00 Debian Oval Importer Affected by VCID-2rvv-c4rf-aaan https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T12:14:03.305717+00:00 Debian Oval Importer Affected by VCID-n7rw-hr3g-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T01:09:48.018809+00:00 Debian Oval Importer Affected by VCID-a63q-zczs-aaap None 36.1.3
2025-06-20T23:31:05.869570+00:00 Debian Oval Importer Affected by VCID-aptq-9f59-aaad None 36.1.3
2025-06-20T22:55:02.656671+00:00 Debian Oval Importer Affected by VCID-fkt4-97ej-aaar None 36.1.3
2025-06-20T22:35:34.184640+00:00 Debian Oval Importer Affected by VCID-evn6-11f3-aaad None 36.1.3
2025-06-20T22:09:25.850447+00:00 Debian Oval Importer Affected by VCID-n7rw-hr3g-aaap None 36.1.3
2025-06-20T20:59:44.997006+00:00 Debian Oval Importer Affected by VCID-2rvv-c4rf-aaan None 36.1.3
2025-06-20T20:49:19.344264+00:00 Debian Oval Importer Affected by VCID-sdzx-zz7k-aaas None 36.1.3
2025-06-08T11:50:40.176801+00:00 Debian Oval Importer Affected by VCID-fkt4-97ej-aaar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T10:34:30.756309+00:00 Debian Oval Importer Affected by VCID-aptq-9f59-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T09:43:42.812475+00:00 Debian Oval Importer Affected by VCID-a63q-zczs-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T08:45:50.340157+00:00 Debian Oval Importer Affected by VCID-fkt4-97ej-aaar https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T08:19:24.792102+00:00 Debian Oval Importer Affected by VCID-evn6-11f3-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T07:56:47.094884+00:00 Debian Oval Importer Affected by VCID-sdzx-zz7k-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T05:56:53.077926+00:00 Debian Oval Importer Affected by VCID-2rvv-c4rf-aaan https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T05:19:03.567598+00:00 Debian Oval Importer Affected by VCID-n7rw-hr3g-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-07T18:32:27.413181+00:00 Debian Oval Importer Affected by VCID-a63q-zczs-aaap None 36.1.0
2025-06-07T16:54:00.956095+00:00 Debian Oval Importer Affected by VCID-aptq-9f59-aaad None 36.1.0
2025-06-07T16:18:19.399104+00:00 Debian Oval Importer Affected by VCID-fkt4-97ej-aaar None 36.1.0
2025-06-07T15:59:33.579617+00:00 Debian Oval Importer Affected by VCID-evn6-11f3-aaad None 36.1.0
2025-06-07T15:33:25.590120+00:00 Debian Oval Importer Affected by VCID-n7rw-hr3g-aaap None 36.1.0
2025-06-07T14:26:57.420061+00:00 Debian Oval Importer Affected by VCID-2rvv-c4rf-aaan None 36.1.0
2025-06-07T14:20:51.014218+00:00 Debian Oval Importer Affected by VCID-sdzx-zz7k-aaas None 36.1.0
2025-04-12T21:55:15.145654+00:00 Debian Oval Importer Affected by VCID-a63q-zczs-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T20:59:29.922151+00:00 Debian Oval Importer Affected by VCID-evn6-11f3-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T20:46:22.755905+00:00 Debian Oval Importer Affected by VCID-2rvv-c4rf-aaan https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T20:16:55.094226+00:00 Debian Oval Importer Affected by VCID-sdzx-zz7k-aaas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T19:25:43.329995+00:00 Debian Oval Importer Affected by VCID-aptq-9f59-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T19:22:04.957475+00:00 Debian Oval Importer Affected by VCID-n7rw-hr3g-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:35:41.377456+00:00 Debian Oval Importer Affected by VCID-fkt4-97ej-aaar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T16:15:55.072176+00:00 Debian Oval Importer Affected by VCID-aptq-9f59-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T08:16:05.388752+00:00 Debian Oval Importer Affected by VCID-a63q-zczs-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T07:17:21.331461+00:00 Debian Oval Importer Affected by VCID-fkt4-97ej-aaar https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T06:50:46.395830+00:00 Debian Oval Importer Affected by VCID-evn6-11f3-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T06:29:13.309614+00:00 Debian Oval Importer Affected by VCID-sdzx-zz7k-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T04:28:45.024499+00:00 Debian Oval Importer Affected by VCID-2rvv-c4rf-aaan https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T03:50:07.068290+00:00 Debian Oval Importer Affected by VCID-n7rw-hr3g-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-07T17:10:07.670974+00:00 Debian Oval Importer Affected by VCID-a63q-zczs-aaap None 36.0.0
2025-04-07T15:26:58.282962+00:00 Debian Oval Importer Affected by VCID-aptq-9f59-aaad None 36.0.0
2025-04-07T14:49:56.750713+00:00 Debian Oval Importer Affected by VCID-fkt4-97ej-aaar None 36.0.0
2025-04-07T14:30:39.839894+00:00 Debian Oval Importer Affected by VCID-evn6-11f3-aaad None 36.0.0
2025-04-07T14:04:23.642555+00:00 Debian Oval Importer Affected by VCID-n7rw-hr3g-aaap None 36.0.0
2025-04-07T12:59:16.487293+00:00 Debian Oval Importer Affected by VCID-2rvv-c4rf-aaan None 36.0.0
2025-04-07T12:53:34.038915+00:00 Debian Oval Importer Affected by VCID-sdzx-zz7k-aaas None 36.0.0
2024-11-28T11:10:10.594220+00:00 Debian Oval Importer Affected by VCID-evn6-11f3-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-11-28T02:06:08.944719+00:00 Debian Oval Importer Affected by VCID-a63q-zczs-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-11-28T02:00:36.942066+00:00 Debian Oval Importer Affected by VCID-sdzx-zz7k-aaas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-11-27T14:19:28.509304+00:00 Debian Oval Importer Affected by VCID-fkt4-97ej-aaar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-11-27T02:50:51.394143+00:00 Debian Oval Importer Affected by VCID-2rvv-c4rf-aaan https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-10-13T22:45:36.866937+00:00 Debian Oval Importer Affected by VCID-evn6-11f3-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-10-13T16:25:04.531574+00:00 Debian Oval Importer Affected by VCID-a63q-zczs-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-10-13T16:20:45.782484+00:00 Debian Oval Importer Affected by VCID-sdzx-zz7k-aaas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-10-13T08:26:15.112179+00:00 Debian Oval Importer Affected by VCID-fkt4-97ej-aaar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-10-13T00:29:30.650812+00:00 Debian Oval Importer Affected by VCID-2rvv-c4rf-aaan https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-09-21T03:37:35.837035+00:00 Debian Oval Importer Affected by VCID-evn6-11f3-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1
2024-09-21T00:58:09.500128+00:00 Debian Oval Importer Affected by VCID-a63q-zczs-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1
2024-09-21T00:56:41.393338+00:00 Debian Oval Importer Affected by VCID-sdzx-zz7k-aaas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1
2024-09-20T21:41:44.662571+00:00 Debian Oval Importer Affected by VCID-fkt4-97ej-aaar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1
2024-09-20T18:48:24.713734+00:00 Debian Oval Importer Affected by VCID-2rvv-c4rf-aaan https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1