Search for vulnerabilities
Vulnerability details: VCID-evn6-11f3-aaad
Vulnerability ID VCID-evn6-11f3-aaad
Aliases CVE-2011-3193
Summary Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
Status Published
Exploitability 0.5
Weighted Severity 8.4
Risk 4.2
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-787 Out-of-bounds Write
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2011:1323
rhas Moderate https://access.redhat.com/errata/RHSA-2011:1324
rhas Moderate https://access.redhat.com/errata/RHSA-2011:1325
rhas Moderate https://access.redhat.com/errata/RHSA-2011:1326
rhas Moderate https://access.redhat.com/errata/RHSA-2011:1327
rhas Moderate https://access.redhat.com/errata/RHSA-2011:1328
epss 0.02193 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.02193 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.02193 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.02193 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.02193 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.02193 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.02193 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.02193 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.02193 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.02193 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.03216 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.04038 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.04038 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.04038 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.04038 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.04038 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.04038 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.04038 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.04038 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.04038 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.04038 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.04038 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.04038 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.04038 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.04038 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.04038 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.04038 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.04038 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.04038 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.04038 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.04038 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.04038 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.04038 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.04038 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.04038 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.04038 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.04038 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.04038 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.04038 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.04038 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.04038 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.04038 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.04038 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.04038 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.04038 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.04038 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.04038 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.04038 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.04038 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.04038 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.04038 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.04038 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.04038 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.04038 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.04038 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.04038 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.04038 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.04038 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.04038 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.04038 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.04038 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.04038 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.04038 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.04038 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.04038 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.04038 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.04038 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.04038 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.04038 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.05126 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.05126 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.05126 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.07162 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.10078 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.10078 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.10078 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
epss 0.10078 https://api.first.org/data/v1/epss?cve=CVE-2011-3193
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=733118
cvssv2 9.3 https://nvd.nist.gov/vuln/detail/CVE-2011-3193
Reference id Reference type URL
http://cgit.freedesktop.org/harfbuzz/commit/src/harfbuzz-gpos.c?id=da2c52abcd75d46929b34cad55c4fb2c8892bc08
http://cgit.freedesktop.org/harfbuzz.old/commit/?id=81c8ef785b079980ad5b46be4fe7c7bf156dbf65
http://git.gnome.org/browse/pango/commit/pango/opentype/harfbuzz-gpos.c?id=a7a715480db66148b1f487528887508a7991dcd0
http://lists.opensuse.org/opensuse-updates/2011-10/msg00007.html
http://lists.opensuse.org/opensuse-updates/2011-10/msg00008.html
http://rhn.redhat.com/errata/RHSA-2011-1323.html
http://rhn.redhat.com/errata/RHSA-2011-1324.html
http://rhn.redhat.com/errata/RHSA-2011-1325.html
http://rhn.redhat.com/errata/RHSA-2011-1326.html
http://rhn.redhat.com/errata/RHSA-2011-1327.html
http://rhn.redhat.com/errata/RHSA-2011-1328.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3193.json
https://api.first.org/data/v1/epss?cve=CVE-2011-3193
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3193
http://secunia.com/advisories/41537
http://secunia.com/advisories/46117
http://secunia.com/advisories/46118
http://secunia.com/advisories/46119
http://secunia.com/advisories/46128
http://secunia.com/advisories/46371
http://secunia.com/advisories/46410
http://secunia.com/advisories/49895
https://exchange.xforce.ibmcloud.com/vulnerabilities/69991
https://hermes.opensuse.org/messages/12056605
https://qt.gitorious.org/qt/qt/commit/9ae6f2f9a57f0c3096d5785913e437953fa6775c
http://www.openwall.com/lists/oss-security/2011/08/22/6
http://www.openwall.com/lists/oss-security/2011/08/24/8
http://www.openwall.com/lists/oss-security/2011/08/25/1
http://www.osvdb.org/75652
http://www.securityfocus.com/bid/49723
http://www.ubuntu.com/usn/USN-1504-1
641738 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641738
733118 https://bugzilla.redhat.com/show_bug.cgi?id=733118
cpe:2.3:a:gnome:pango:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnome:pango:*:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:6.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:6.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
CVE-2011-3193 https://nvd.nist.gov/vuln/detail/CVE-2011-3193
GLSA-201311-14 https://security.gentoo.org/glsa/201311-14
RHSA-2011:1323 https://access.redhat.com/errata/RHSA-2011:1323
RHSA-2011:1324 https://access.redhat.com/errata/RHSA-2011:1324
RHSA-2011:1325 https://access.redhat.com/errata/RHSA-2011:1325
RHSA-2011:1326 https://access.redhat.com/errata/RHSA-2011:1326
RHSA-2011:1327 https://access.redhat.com/errata/RHSA-2011:1327
RHSA-2011:1328 https://access.redhat.com/errata/RHSA-2011:1328
USN-1504-1 https://usn.ubuntu.com/1504-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2011-3193
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.89707
EPSS Score 0.02193
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.