{ "CVE_data_meta": { "ASSIGNER": "cve-assign@distributedweaknessfiling.org", "ID": "CVE-2019-1010238", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Pango", "version": { "version_data": [ { "version_value": "1.42 and later" } ] } } ] }, "vendor_name": "Gnome" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Buffer Overflow" } ] } ] }, "references": { "reference_data": [ { "url": "https://gitlab.gnome.org/GNOME/pango/blob/master/pango/pango-bidi-type.c", "refsource": "MISC", "name": "https://gitlab.gnome.org/GNOME/pango/blob/master/pango/pango-bidi-type.c" }, { "refsource": "UBUNTU", "name": "USN-4081-1", "url": "https://usn.ubuntu.com/4081-1/" }, { "refsource": "DEBIAN", "name": "DSA-4496", "url": "https://www.debian.org/security/2019/dsa-4496" }, { "refsource": "BUGTRAQ", "name": "20190812 [SECURITY] [DSA 4496-1] pango1.0 security update", "url": "https://seclists.org/bugtraq/2019/Aug/14" }, { "refsource": "FEDORA", "name": "FEDORA-2019-547be4a683", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6HWAHXJ2ZXINYMANHPFDDCJFWUQ57M4/" }, { "refsource": "REDHAT", "name": "RHSA-2019:2571", "url": "https://access.redhat.com/errata/RHSA-2019:2571" }, { "refsource": "REDHAT", "name": "RHSA-2019:2582", "url": "https://access.redhat.com/errata/RHSA-2019:2582" }, { "refsource": "FEDORA", "name": "FEDORA-2019-155e34df5a", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VFFF4FY7SCAYT3EKTYPGRN6BVKZTH7Y7/" }, { "refsource": "GENTOO", "name": "GLSA-201909-03", "url": "https://security.gentoo.org/glsa/201909-03" }, { "refsource": "REDHAT", "name": "RHSA-2019:2594", "url": "https://access.redhat.com/errata/RHSA-2019:2594" }, { "refsource": "REDHAT", "name": "RHBA-2019:2824", "url": "https://access.redhat.com/errata/RHBA-2019:2824" }, { "refsource": "REDHAT", "name": "RHSA-2019:3234", "url": "https://access.redhat.com/errata/RHSA-2019:3234" } ] } }