Vulnerability details: VCID-sdzx-zz7k-aaas
Vulnerability ID VCID-sdzx-zz7k-aaas
Aliases CVE-2011-0020
Summary Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object.
Status Published
Exploitability 2.0
Weighted Severity 7.1
Risk 10.0
System Score Found at
cvssv3.1 7.5 http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
generic_textual HIGH http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
rhas Moderate https://access.redhat.com/errata/RHSA-2011:0180
epss 0.05873 https://api.first.org/data/v1/epss?cve=CVE-2011-0020
epss 0.07842 https://api.first.org/data/v1/epss?cve=CVE-2011-0020
epss 0.08955 https://api.first.org/data/v1/epss?cve=CVE-2011-0020
epss 0.10992 https://api.first.org/data/v1/epss?cve=CVE-2011-0020
epss 0.12795 https://api.first.org/data/v1/epss?cve=CVE-2011-0020
epss 0.17536 https://api.first.org/data/v1/epss?cve=CVE-2011-0020
cvssv2 7.6 https://nvd.nist.gov/vuln/detail/CVE-2011-0020
Reference id Reference type URL
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
http://openwall.com/lists/oss-security/2011/01/18/6
http://openwall.com/lists/oss-security/2011/01/20/2
http://osvdb.org/70596
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0020.json
https://api.first.org/data/v1/epss?cve=CVE-2011-0020
https://bugs.launchpad.net/ubuntu/+source/pango1.0/+bug/696616
https://bugzilla.gnome.org/show_bug.cgi?id=639882
https://bugzilla.redhat.com/show_bug.cgi?id=671122
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0020
http://secunia.com/advisories/42934
http://secunia.com/advisories/43100
https://exchange.xforce.ibmcloud.com/vulnerabilities/64832
http://www.redhat.com/support/errata/RHSA-2011-0180.html
http://www.securityfocus.com/bid/45842
http://www.securitytracker.com/id?1024994
http://www.vupen.com/english/advisories/2011/0186
http://www.vupen.com/english/advisories/2011/0238
610792 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610792
cpe:2.3:a:gnome:pango:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnome:pango:*:*:*:*:*:*:*:*
cpe:2.3:a:gnome:pango:1.28.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnome:pango:1.28.0:*:*:*:*:*:*:*
cpe:2.3:a:gnome:pango:1.28.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnome:pango:1.28.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:pango:1.28.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnome:pango:1.28.2:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:0.20:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:0.20:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:0.21:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:0.21:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:0.22:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:0.22:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:0.23:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:0.23:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:0.24:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:0.24:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:0.25:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:0.25:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:0.26:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:0.26:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:1.0:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:1.1:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:1.10:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:1.11:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:1.12:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:1.13:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:1.14:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.15:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:1.15:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.16:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:1.16:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.17:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:1.17:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.18:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:1.18:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.19:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:1.19:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:1.2:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.20:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:1.20:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.21:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:1.21:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.22:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:1.22:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.23:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:1.23:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.24:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:1.24:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.25:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:1.25:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.26:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:1.26:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.27:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:1.27:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:1.3:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:1.4:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:1.5:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:1.6:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:1.7:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:1.8:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pango:pango:1.9:*:*:*:*:*:*:*
CVE-2011-0020 https://nvd.nist.gov/vuln/detail/CVE-2011-0020
CVE-2011-0020;OSVDB-70596 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/35232.txt
CVE-2011-0020;OSVDB-70596 Exploit https://www.securityfocus.com/bid/45842/info
GLSA-201405-13 https://security.gentoo.org/glsa/201405-13
RHSA-2011:0180 https://access.redhat.com/errata/RHSA-2011:0180
USN-1082-1 https://usn.ubuntu.com/1082-1/
Data source Exploit-DB
Date added Jan. 18, 2011
Description Pango Font Parsing - 'pangoft2-render.c' Heap Corruption
Ransomware campaign use Known
Source publication date Jan. 18, 2011
Exploit type remote
Platform linux
Source update date Nov. 14, 2014
Source URL https://www.securityfocus.com/bid/45842/info
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2011-0020
Exploit Prediction Scoring System (EPSS)
Percentile 0.83865
EPSS Score 0.05873
Published At March 29, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.