Search for packages
| purl | pkg:deb/debian/pango1.0@1.28.3-1%2Bsqueeze2 |
| Next non-vulnerable version | 1.42.4-8~deb10u1 |
| Latest non-vulnerable version | 1.42.4-8~deb10u1 |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-a63q-zczs-aaap
Aliases: CVE-2011-0064 |
The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index. |
Affected by 2 other vulnerabilities. |
|
VCID-aptq-9f59-aaad
Aliases: CVE-2018-15120 |
libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences. |
Affected by 0 other vulnerabilities. |
|
VCID-n7rw-hr3g-aaap
Aliases: CVE-2019-1010238 |
Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-2rvv-c4rf-aaan | Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow, as demonstrated by a long document.location value in Firefox. |
CVE-2009-1194
|
| VCID-evn6-11f3-aaad | Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file. |
CVE-2011-3193
|
| VCID-fkt4-97ej-aaar | Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted font file, related to building a synthetic Glyph Definition (aka GDEF) table by using this font's charmap and the Unicode property database. |
CVE-2010-0421
|
| VCID-sdzx-zz7k-aaas | Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object. |
CVE-2011-0020
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-21T18:02:49.947231+00:00 | Debian Oval Importer | Affected by | VCID-aptq-9f59-aaad | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T16:58:37.946664+00:00 | Debian Oval Importer | Affected by | VCID-a63q-zczs-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T15:52:29.426734+00:00 | Debian Oval Importer | Fixing | VCID-fkt4-97ej-aaar | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T15:24:52.584409+00:00 | Debian Oval Importer | Fixing | VCID-evn6-11f3-aaad | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T15:03:24.336140+00:00 | Debian Oval Importer | Fixing | VCID-sdzx-zz7k-aaas | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T13:01:57.826555+00:00 | Debian Oval Importer | Fixing | VCID-2rvv-c4rf-aaan | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T12:14:03.307827+00:00 | Debian Oval Importer | Affected by | VCID-n7rw-hr3g-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T01:09:48.020926+00:00 | Debian Oval Importer | Affected by | VCID-a63q-zczs-aaap | None | 36.1.3 |
| 2025-06-20T23:31:05.871372+00:00 | Debian Oval Importer | Affected by | VCID-aptq-9f59-aaad | None | 36.1.3 |
| 2025-06-20T22:55:02.659076+00:00 | Debian Oval Importer | Fixing | VCID-fkt4-97ej-aaar | None | 36.1.3 |
| 2025-06-20T22:35:34.186527+00:00 | Debian Oval Importer | Fixing | VCID-evn6-11f3-aaad | None | 36.1.3 |
| 2025-06-20T22:09:25.852698+00:00 | Debian Oval Importer | Affected by | VCID-n7rw-hr3g-aaap | None | 36.1.3 |
| 2025-06-20T20:59:44.998587+00:00 | Debian Oval Importer | Fixing | VCID-2rvv-c4rf-aaan | None | 36.1.3 |
| 2025-06-20T20:49:19.345998+00:00 | Debian Oval Importer | Fixing | VCID-sdzx-zz7k-aaas | None | 36.1.3 |
| 2025-06-08T11:50:40.178320+00:00 | Debian Oval Importer | Fixing | VCID-fkt4-97ej-aaar | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T10:34:30.758114+00:00 | Debian Oval Importer | Affected by | VCID-aptq-9f59-aaad | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T09:43:42.814356+00:00 | Debian Oval Importer | Affected by | VCID-a63q-zczs-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T08:45:50.342007+00:00 | Debian Oval Importer | Fixing | VCID-fkt4-97ej-aaar | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T08:19:24.793702+00:00 | Debian Oval Importer | Fixing | VCID-evn6-11f3-aaad | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T07:56:47.096396+00:00 | Debian Oval Importer | Fixing | VCID-sdzx-zz7k-aaas | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T05:56:53.079623+00:00 | Debian Oval Importer | Fixing | VCID-2rvv-c4rf-aaan | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T05:19:03.569142+00:00 | Debian Oval Importer | Affected by | VCID-n7rw-hr3g-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-07T18:32:27.415046+00:00 | Debian Oval Importer | Affected by | VCID-a63q-zczs-aaap | None | 36.1.0 |
| 2025-06-07T16:54:00.957597+00:00 | Debian Oval Importer | Affected by | VCID-aptq-9f59-aaad | None | 36.1.0 |
| 2025-06-07T16:18:19.401178+00:00 | Debian Oval Importer | Fixing | VCID-fkt4-97ej-aaar | None | 36.1.0 |
| 2025-06-07T15:59:33.581138+00:00 | Debian Oval Importer | Fixing | VCID-evn6-11f3-aaad | None | 36.1.0 |
| 2025-06-07T15:33:25.591620+00:00 | Debian Oval Importer | Affected by | VCID-n7rw-hr3g-aaap | None | 36.1.0 |
| 2025-06-07T14:26:57.421616+00:00 | Debian Oval Importer | Fixing | VCID-2rvv-c4rf-aaan | None | 36.1.0 |
| 2025-06-07T14:20:51.015919+00:00 | Debian Oval Importer | Fixing | VCID-sdzx-zz7k-aaas | None | 36.1.0 |
| 2025-04-12T21:55:15.150532+00:00 | Debian Oval Importer | Affected by | VCID-a63q-zczs-aaap | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T20:59:29.927127+00:00 | Debian Oval Importer | Fixing | VCID-evn6-11f3-aaad | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T20:46:22.760753+00:00 | Debian Oval Importer | Fixing | VCID-2rvv-c4rf-aaan | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T20:16:55.099690+00:00 | Debian Oval Importer | Fixing | VCID-sdzx-zz7k-aaas | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T19:25:43.335070+00:00 | Debian Oval Importer | Affected by | VCID-aptq-9f59-aaad | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T19:22:04.962649+00:00 | Debian Oval Importer | Affected by | VCID-n7rw-hr3g-aaap | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T17:35:41.382286+00:00 | Debian Oval Importer | Fixing | VCID-fkt4-97ej-aaar | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T16:15:55.077075+00:00 | Debian Oval Importer | Affected by | VCID-aptq-9f59-aaad | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T08:16:05.394316+00:00 | Debian Oval Importer | Affected by | VCID-a63q-zczs-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T07:17:21.336648+00:00 | Debian Oval Importer | Fixing | VCID-fkt4-97ej-aaar | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T06:50:46.400762+00:00 | Debian Oval Importer | Fixing | VCID-evn6-11f3-aaad | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T06:29:13.314563+00:00 | Debian Oval Importer | Fixing | VCID-sdzx-zz7k-aaas | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T04:28:45.029422+00:00 | Debian Oval Importer | Fixing | VCID-2rvv-c4rf-aaan | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T03:50:07.073188+00:00 | Debian Oval Importer | Affected by | VCID-n7rw-hr3g-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-07T17:10:07.675915+00:00 | Debian Oval Importer | Affected by | VCID-a63q-zczs-aaap | None | 36.0.0 |
| 2025-04-07T15:26:58.288285+00:00 | Debian Oval Importer | Affected by | VCID-aptq-9f59-aaad | None | 36.0.0 |
| 2025-04-07T14:49:56.755680+00:00 | Debian Oval Importer | Fixing | VCID-fkt4-97ej-aaar | None | 36.0.0 |
| 2025-04-07T14:30:39.844906+00:00 | Debian Oval Importer | Fixing | VCID-evn6-11f3-aaad | None | 36.0.0 |
| 2025-04-07T14:04:23.647810+00:00 | Debian Oval Importer | Affected by | VCID-n7rw-hr3g-aaap | None | 36.0.0 |
| 2025-04-07T12:59:16.492638+00:00 | Debian Oval Importer | Fixing | VCID-2rvv-c4rf-aaan | None | 36.0.0 |
| 2025-04-07T12:53:34.044277+00:00 | Debian Oval Importer | Fixing | VCID-sdzx-zz7k-aaas | None | 36.0.0 |
| 2024-11-28T11:10:10.599343+00:00 | Debian Oval Importer | Fixing | VCID-evn6-11f3-aaad | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 35.0.0 |
| 2024-11-28T02:06:08.949488+00:00 | Debian Oval Importer | Affected by | VCID-a63q-zczs-aaap | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 35.0.0 |
| 2024-11-28T02:00:36.947072+00:00 | Debian Oval Importer | Fixing | VCID-sdzx-zz7k-aaas | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 35.0.0 |
| 2024-11-27T14:19:28.514036+00:00 | Debian Oval Importer | Fixing | VCID-fkt4-97ej-aaar | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 35.0.0 |
| 2024-11-27T02:50:51.399521+00:00 | Debian Oval Importer | Fixing | VCID-2rvv-c4rf-aaan | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 35.0.0 |
| 2024-10-13T22:45:36.871528+00:00 | Debian Oval Importer | Fixing | VCID-evn6-11f3-aaad | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.2 |
| 2024-10-13T16:25:04.536381+00:00 | Debian Oval Importer | Affected by | VCID-a63q-zczs-aaap | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.2 |
| 2024-10-13T16:20:45.787240+00:00 | Debian Oval Importer | Fixing | VCID-sdzx-zz7k-aaas | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.2 |
| 2024-10-13T08:26:15.116924+00:00 | Debian Oval Importer | Fixing | VCID-fkt4-97ej-aaar | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.2 |
| 2024-10-13T00:29:30.655494+00:00 | Debian Oval Importer | Fixing | VCID-2rvv-c4rf-aaan | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.2 |
| 2024-09-21T03:37:35.842442+00:00 | Debian Oval Importer | Fixing | VCID-evn6-11f3-aaad | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.1 |
| 2024-09-21T00:58:09.505442+00:00 | Debian Oval Importer | Affected by | VCID-a63q-zczs-aaap | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.1 |
| 2024-09-21T00:56:41.398570+00:00 | Debian Oval Importer | Fixing | VCID-sdzx-zz7k-aaas | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.1 |
| 2024-09-20T21:41:44.667888+00:00 | Debian Oval Importer | Fixing | VCID-fkt4-97ej-aaar | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.1 |
| 2024-09-20T18:48:24.720291+00:00 | Debian Oval Importer | Fixing | VCID-2rvv-c4rf-aaan | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.1 |