Search for vulnerabilities
Vulnerability details: VCID-a63q-zczs-aaap
Vulnerability ID VCID-a63q-zczs-aaap
Aliases CVE-2011-0064
Summary The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
cvssv3.1 7.5 http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
generic_textual HIGH http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
rhas Critical https://access.redhat.com/errata/RHSA-2011:0309
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.02563 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.07426 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.10019 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.10019 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.10019 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.10019 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.13559 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.13559 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.13559 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.13559 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.13559 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.13559 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.13559 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.13559 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.13559 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.13559 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.13559 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
epss 0.13559 https://api.first.org/data/v1/epss?cve=CVE-2011-0064
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2011-0064
Reference id Reference type URL
http://cgit.freedesktop.org/harfbuzz/commit/?id=a6a79df5fe2ed2cd307e7a991346faee164e70d9
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056065.html
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0064.json
https://api.first.org/data/v1/epss?cve=CVE-2011-0064
https://bugzilla.mozilla.org/show_bug.cgi?id=606997
https://bugzilla.novell.com/show_bug.cgi?id=672502
https://bugzilla.redhat.com/show_bug.cgi?id=678563
https://build.opensuse.org/request/show/63070
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0064
http://secunia.com/advisories/43559
http://secunia.com/advisories/43572
http://secunia.com/advisories/43578
http://secunia.com/advisories/43800
http://securitytracker.com/id?1025145
https://exchange.xforce.ibmcloud.com/vulnerabilities/65770
http://www.debian.org/security/2011/dsa-2178
http://www.mandriva.com/security/advisories?name=MDVSA-2011:040
http://www.redhat.com/support/errata/RHSA-2011-0309.html
http://www.securityfocus.com/bid/46632
http://www.ubuntu.com/usn/USN-1082-1
http://www.vupen.com/english/advisories/2011/0543
http://www.vupen.com/english/advisories/2011/0555
http://www.vupen.com/english/advisories/2011/0558
http://www.vupen.com/english/advisories/2011/0584
http://www.vupen.com/english/advisories/2011/0683
cpe:2.3:a:gnome:pango:1.28.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnome:pango:1.28.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
CVE-2011-0064 https://nvd.nist.gov/vuln/detail/CVE-2011-0064
GLSA-201405-13 https://security.gentoo.org/glsa/201405-13
RHSA-2011:0309 https://access.redhat.com/errata/RHSA-2011:0309
USN-1082-1 https://usn.ubuntu.com/1082-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2011-0064
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.84179
EPSS Score 0.02563
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.