Strix
26.1K

CVE-2011-0020

UnknownEPSS 18.94%

Last modified

CVE-2011-0020 is a vulnerability of currently unknown severity. Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object.. EPSS estimates a 18.94% chance of exploitation in the next 30 days.

Description

Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object.

Metrics

EPSS Probability
18.94%

96.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
GnomePango<= 1.28.3
GnomePango1.28.0
GnomePango1.28.1
GnomePango1.28.2
PangoPango0.20
PangoPango0.21
PangoPango0.22
PangoPango0.23
PangoPango0.24
PangoPango0.25
PangoPango0.26
PangoPango1.0
PangoPango1.1
PangoPango1.2
PangoPango1.3
PangoPango1.4
PangoPango1.5
PangoPango1.6
PangoPango1.7
PangoPango1.8
PangoPango1.9
PangoPango1.10
PangoPango1.11
PangoPango1.12
PangoPango1.13
PangoPango1.14
PangoPango1.15
PangoPango1.16
PangoPango1.17
PangoPango1.18
PangoPango1.19
PangoPango1.20
PangoPango1.21
PangoPango1.22
PangoPango1.23
PangoPango1.24
PangoPango1.25
PangoPango1.26
PangoPango1.27

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2011-0020?
Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object.
How severe is CVE-2011-0020?
Severity scoring for CVE-2011-0020 is pending analysis. The EPSS model estimates a 18.94% probability of exploitation in the next 30 days.
How do I fix CVE-2011-0020?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2011-0020?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST