Search for packages
Package details: pkg:deb/debian/pango1.0@1.8.1-1
purl pkg:deb/debian/pango1.0@1.8.1-1
Next non-vulnerable version 1.42.4-8~deb10u1
Latest non-vulnerable version 1.42.4-8~deb10u1
Risk 10.0
Vulnerabilities affecting this package (7)
Vulnerability Summary Fixed by
VCID-2rvv-c4rf-aaan
Aliases:
CVE-2009-1194
Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow, as demonstrated by a long document.location value in Firefox.
1.28.3-1+squeeze2
Affected by 3 other vulnerabilities.
VCID-a63q-zczs-aaap
Aliases:
CVE-2011-0064
The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index.
1.30.0-1
Affected by 2 other vulnerabilities.
VCID-aptq-9f59-aaad
Aliases:
CVE-2018-15120
libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences.
1.42.4-8~deb10u1
Affected by 0 other vulnerabilities.
VCID-evn6-11f3-aaad
Aliases:
CVE-2011-3193
Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
1.28.3-1+squeeze2
Affected by 3 other vulnerabilities.
VCID-fkt4-97ej-aaar
Aliases:
CVE-2010-0421
Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted font file, related to building a synthetic Glyph Definition (aka GDEF) table by using this font's charmap and the Unicode property database.
1.28.3-1+squeeze2
Affected by 3 other vulnerabilities.
VCID-n7rw-hr3g-aaap
Aliases:
CVE-2019-1010238
Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize.
1.42.4-8~deb10u1
Affected by 0 other vulnerabilities.
VCID-sdzx-zz7k-aaas
Aliases:
CVE-2011-0020
Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object.
1.28.3-1+squeeze2
Affected by 3 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-21T18:02:49.939085+00:00 Debian Oval Importer Affected by VCID-aptq-9f59-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T16:58:37.940345+00:00 Debian Oval Importer Affected by VCID-a63q-zczs-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T15:52:29.417500+00:00 Debian Oval Importer Affected by VCID-fkt4-97ej-aaar https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T15:24:52.575264+00:00 Debian Oval Importer Affected by VCID-evn6-11f3-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T15:03:24.327703+00:00 Debian Oval Importer Affected by VCID-sdzx-zz7k-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:01:57.817710+00:00 Debian Oval Importer Affected by VCID-2rvv-c4rf-aaan https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T12:14:03.299046+00:00 Debian Oval Importer Affected by VCID-n7rw-hr3g-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T01:09:48.012423+00:00 Debian Oval Importer Affected by VCID-a63q-zczs-aaap None 36.1.3
2025-06-20T23:31:05.863897+00:00 Debian Oval Importer Affected by VCID-aptq-9f59-aaad None 36.1.3
2025-06-20T22:55:02.649027+00:00 Debian Oval Importer Affected by VCID-fkt4-97ej-aaar None 36.1.3
2025-06-20T22:35:34.178607+00:00 Debian Oval Importer Affected by VCID-evn6-11f3-aaad None 36.1.3
2025-06-20T22:09:25.844108+00:00 Debian Oval Importer Affected by VCID-n7rw-hr3g-aaap None 36.1.3
2025-06-20T20:59:44.992185+00:00 Debian Oval Importer Affected by VCID-2rvv-c4rf-aaan None 36.1.3
2025-06-20T20:49:19.339584+00:00 Debian Oval Importer Affected by VCID-sdzx-zz7k-aaas None 36.1.3
2025-06-08T11:50:40.172235+00:00 Debian Oval Importer Affected by VCID-fkt4-97ej-aaar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T10:34:30.750921+00:00 Debian Oval Importer Affected by VCID-aptq-9f59-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T09:43:42.805854+00:00 Debian Oval Importer Affected by VCID-a63q-zczs-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T08:45:50.334763+00:00 Debian Oval Importer Affected by VCID-fkt4-97ej-aaar https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T08:19:24.787446+00:00 Debian Oval Importer Affected by VCID-evn6-11f3-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T07:56:47.090315+00:00 Debian Oval Importer Affected by VCID-sdzx-zz7k-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T05:56:53.073332+00:00 Debian Oval Importer Affected by VCID-2rvv-c4rf-aaan https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T05:19:03.561356+00:00 Debian Oval Importer Affected by VCID-n7rw-hr3g-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-07T18:32:27.407769+00:00 Debian Oval Importer Affected by VCID-a63q-zczs-aaap None 36.1.0
2025-06-07T16:54:00.951433+00:00 Debian Oval Importer Affected by VCID-aptq-9f59-aaad None 36.1.0
2025-06-07T16:18:19.394171+00:00 Debian Oval Importer Affected by VCID-fkt4-97ej-aaar None 36.1.0
2025-06-07T15:59:33.575024+00:00 Debian Oval Importer Affected by VCID-evn6-11f3-aaad None 36.1.0
2025-06-07T15:33:25.585408+00:00 Debian Oval Importer Affected by VCID-n7rw-hr3g-aaap None 36.1.0
2025-06-07T14:26:57.415413+00:00 Debian Oval Importer Affected by VCID-2rvv-c4rf-aaan None 36.1.0
2025-06-07T14:20:51.009631+00:00 Debian Oval Importer Affected by VCID-sdzx-zz7k-aaas None 36.1.0
2025-04-12T21:55:15.130279+00:00 Debian Oval Importer Affected by VCID-a63q-zczs-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T20:59:29.907193+00:00 Debian Oval Importer Affected by VCID-evn6-11f3-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T20:46:22.740946+00:00 Debian Oval Importer Affected by VCID-2rvv-c4rf-aaan https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T20:16:55.078296+00:00 Debian Oval Importer Affected by VCID-sdzx-zz7k-aaas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T19:25:43.314515+00:00 Debian Oval Importer Affected by VCID-aptq-9f59-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T19:22:04.942333+00:00 Debian Oval Importer Affected by VCID-n7rw-hr3g-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:35:41.362699+00:00 Debian Oval Importer Affected by VCID-fkt4-97ej-aaar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T16:15:55.057754+00:00 Debian Oval Importer Affected by VCID-aptq-9f59-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T08:16:05.371336+00:00 Debian Oval Importer Affected by VCID-a63q-zczs-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T07:17:21.315756+00:00 Debian Oval Importer Affected by VCID-fkt4-97ej-aaar https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T06:50:46.380829+00:00 Debian Oval Importer Affected by VCID-evn6-11f3-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T06:29:13.294725+00:00 Debian Oval Importer Affected by VCID-sdzx-zz7k-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T04:28:45.009867+00:00 Debian Oval Importer Affected by VCID-2rvv-c4rf-aaan https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T03:50:07.053472+00:00 Debian Oval Importer Affected by VCID-n7rw-hr3g-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-07T17:10:07.654710+00:00 Debian Oval Importer Affected by VCID-a63q-zczs-aaap None 36.0.0
2025-04-07T15:26:58.266855+00:00 Debian Oval Importer Affected by VCID-aptq-9f59-aaad None 36.0.0
2025-04-07T14:49:56.736094+00:00 Debian Oval Importer Affected by VCID-fkt4-97ej-aaar None 36.0.0
2025-04-07T14:30:39.824947+00:00 Debian Oval Importer Affected by VCID-evn6-11f3-aaad None 36.0.0
2025-04-07T14:04:23.625923+00:00 Debian Oval Importer Affected by VCID-n7rw-hr3g-aaap None 36.0.0
2025-04-07T12:59:16.471612+00:00 Debian Oval Importer Affected by VCID-2rvv-c4rf-aaan None 36.0.0
2025-04-07T12:53:34.023165+00:00 Debian Oval Importer Affected by VCID-sdzx-zz7k-aaas None 36.0.0
2024-11-28T11:10:10.579347+00:00 Debian Oval Importer Affected by VCID-evn6-11f3-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-11-28T02:06:08.929657+00:00 Debian Oval Importer Affected by VCID-a63q-zczs-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-11-28T02:00:36.926830+00:00 Debian Oval Importer Affected by VCID-sdzx-zz7k-aaas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-11-27T14:19:28.494826+00:00 Debian Oval Importer Affected by VCID-fkt4-97ej-aaar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-11-27T02:50:51.379697+00:00 Debian Oval Importer Affected by VCID-2rvv-c4rf-aaan https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-10-13T22:45:36.853000+00:00 Debian Oval Importer Affected by VCID-evn6-11f3-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-10-13T16:25:04.517004+00:00 Debian Oval Importer Affected by VCID-a63q-zczs-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-10-13T16:20:45.767776+00:00 Debian Oval Importer Affected by VCID-sdzx-zz7k-aaas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-10-13T08:26:15.098003+00:00 Debian Oval Importer Affected by VCID-fkt4-97ej-aaar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-10-13T00:29:30.636309+00:00 Debian Oval Importer Affected by VCID-2rvv-c4rf-aaan https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-09-21T03:37:35.820970+00:00 Debian Oval Importer Affected by VCID-evn6-11f3-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1
2024-09-21T00:58:09.484373+00:00 Debian Oval Importer Affected by VCID-a63q-zczs-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1
2024-09-21T00:56:41.377524+00:00 Debian Oval Importer Affected by VCID-sdzx-zz7k-aaas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1
2024-09-20T21:41:44.646670+00:00 Debian Oval Importer Affected by VCID-fkt4-97ej-aaar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1
2024-09-20T18:48:24.694992+00:00 Debian Oval Importer Affected by VCID-2rvv-c4rf-aaan https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1