VulnerableCode Vulnerability Details

Search for vulnerabilities

System	Score	Found at
epss	0.05692	https://api.first.org/data/v1/epss?cve=CVE-2011-0020
epss	0.05692	https://api.first.org/data/v1/epss?cve=CVE-2011-0020
epss	0.05692	https://api.first.org/data/v1/epss?cve=CVE-2011-0020
epss	0.05692	https://api.first.org/data/v1/epss?cve=CVE-2011-0020
epss	0.05692	https://api.first.org/data/v1/epss?cve=CVE-2011-0020
epss	0.05692	https://api.first.org/data/v1/epss?cve=CVE-2011-0020
epss	0.05692	https://api.first.org/data/v1/epss?cve=CVE-2011-0020
epss	0.05692	https://api.first.org/data/v1/epss?cve=CVE-2011-0020
epss	0.05692	https://api.first.org/data/v1/epss?cve=CVE-2011-0020
epss	0.05692	https://api.first.org/data/v1/epss?cve=CVE-2011-0020
epss	0.05692	https://api.first.org/data/v1/epss?cve=CVE-2011-0020
epss	0.05692	https://api.first.org/data/v1/epss?cve=CVE-2011-0020
epss	0.05692	https://api.first.org/data/v1/epss?cve=CVE-2011-0020
epss	0.05692	https://api.first.org/data/v1/epss?cve=CVE-2011-0020
cvssv2	7.6	https://nvd.nist.gov/vuln/detail/CVE-2011-0020

System

Score

Found at

epss

0.05692

https://api.first.org/data/v1/epss?cve=CVE-2011-0020

epss

0.05692

https://api.first.org/data/v1/epss?cve=CVE-2011-0020

epss

0.05692

https://api.first.org/data/v1/epss?cve=CVE-2011-0020

epss

0.05692

https://api.first.org/data/v1/epss?cve=CVE-2011-0020

epss

0.05692

https://api.first.org/data/v1/epss?cve=CVE-2011-0020

epss

0.05692

https://api.first.org/data/v1/epss?cve=CVE-2011-0020

epss

0.05692

https://api.first.org/data/v1/epss?cve=CVE-2011-0020

epss

0.05692

https://api.first.org/data/v1/epss?cve=CVE-2011-0020

epss

0.05692

https://api.first.org/data/v1/epss?cve=CVE-2011-0020

epss

0.05692

https://api.first.org/data/v1/epss?cve=CVE-2011-0020

epss

0.05692

https://api.first.org/data/v1/epss?cve=CVE-2011-0020

epss

0.05692

https://api.first.org/data/v1/epss?cve=CVE-2011-0020

epss

0.05692

https://api.first.org/data/v1/epss?cve=CVE-2011-0020

epss

0.05692

https://api.first.org/data/v1/epss?cve=CVE-2011-0020

cvssv2

7.6

https://nvd.nist.gov/vuln/detail/CVE-2011-0020

Reference id

Reference type

URL

http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html

http://openwall.com/lists/oss-security/2011/01/18/6

http://openwall.com/lists/oss-security/2011/01/20/2

http://osvdb.org/70596

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0020.json

https://api.first.org/data/v1/epss?cve=CVE-2011-0020

https://bugs.launchpad.net/ubuntu/+source/pango1.0/+bug/696616

https://bugzilla.gnome.org/show_bug.cgi?id=639882

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0020

http://secunia.com/advisories/42934

http://secunia.com/advisories/43100

https://exchange.xforce.ibmcloud.com/vulnerabilities/64832

http://www.redhat.com/support/errata/RHSA-2011-0180.html

http://www.securityfocus.com/bid/45842

http://www.securitytracker.com/id?1024994

http://www.vupen.com/english/advisories/2011/0186

http://www.vupen.com/english/advisories/2011/0238

610792

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610792

671122

https://bugzilla.redhat.com/show_bug.cgi?id=671122

cpe:2.3:a:gnome:pango:*:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnome:pango:*:*:*:*:*:*:*:*

cpe:2.3:a:gnome:pango:1.28.0:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnome:pango:1.28.0:*:*:*:*:*:*:*

cpe:2.3:a:gnome:pango:1.28.1:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnome:pango:1.28.1:*:*:*:*:*:*:*

cpe:2.3:a:gnome:pango:1.28.2:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnome:pango:1.28.2:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:0.20:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:0.20:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:0.21:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:0.21:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:0.22:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:0.22:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:0.23:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:0.23:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:0.24:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:0.24:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:0.25:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:0.25:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:0.26:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:0.26:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:1.0:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:1.0:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:1.1:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:1.1:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:1.10:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:1.10:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:1.11:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:1.11:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:1.12:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:1.12:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:1.13:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:1.13:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:1.14:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:1.14:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:1.15:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:1.15:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:1.16:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:1.16:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:1.17:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:1.17:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:1.18:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:1.18:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:1.19:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:1.19:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:1.2:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:1.2:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:1.20:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:1.20:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:1.21:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:1.21:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:1.22:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:1.22:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:1.23:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:1.23:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:1.24:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:1.24:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:1.25:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:1.25:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:1.26:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:1.26:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:1.27:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:1.27:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:1.3:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:1.3:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:1.4:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:1.4:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:1.5:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:1.5:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:1.6:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:1.6:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:1.7:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:1.7:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:1.8:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:1.8:*:*:*:*:*:*:*

cpe:2.3:a:pango:pango:1.9:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:1.9:*:*:*:*:*:*:*

CVE-2011-0020

https://nvd.nist.gov/vuln/detail/CVE-2011-0020

CVE-2011-0020;OSVDB-70596

Exploit

https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/35232.txt

CVE-2011-0020;OSVDB-70596

Exploit

https://www.securityfocus.com/bid/45842/info

GLSA-201405-13

https://security.gentoo.org/glsa/201405-13

RHSA-2011:0180

https://access.redhat.com/errata/RHSA-2011:0180

USN-1082-1

https://usn.ubuntu.com/1082-1/

Data source	Exploit-DB
Date added	Jan. 18, 2011
Description	Pango Font Parsing - 'pangoft2-render.c' Heap Corruption
Ransomware campaign use	Known
Source publication date	Jan. 18, 2011
Exploit type	remote
Platform	linux
Source update date	Nov. 14, 2014
Source URL	https://www.securityfocus.com/bid/45842/info

Exploit-DB

Jan. 18, 2011

Pango Font Parsing - 'pangoft2-render.c' Heap Corruption

Known

Jan. 18, 2011

remote

linux

Nov. 14, 2014

https://www.securityfocus.com/bid/45842/info

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T13:01:08.940024+00:00	Gentoo Importer	Import	https://security.gentoo.org/glsa/201405-13	38.0.0

2026-04-01T13:01:08.940024+00:00

Gentoo Importer

Import

https://security.gentoo.org/glsa/201405-13

38.0.0

Vulnerability ID	VCID-a2tx-5gg2-ebak
Aliases	CVE-2011-0020
Summary	Multiple vulnerabilities have been found in Pango, the worst of which allow execution of arbitrary code or Denial of Service.
Status	Published
Exploitability	2.0
Weighted Severity	6.8
Risk	10.0
Affected and Fixed Packages	Package Details

CWE-122	Heap-based Buffer Overflow
CWE-119	Improper Restriction of Operations within the Bounds of a Memory Buffer

Percentile	0.90366
EPSS Score	0.05692
Published At	April 1, 2026, 12:55 p.m.