First published: Fri Jul 19 2019
Gnome Pango 1.42 and later is affected by a heap-based buffer overflow that can be used to get code execution. The affected component is the function pango_log2vis_get_embedding_levels, specifically the assignment of nchars and the loop condition. Attack vector: the bug can be triggered when an application passes invalid UTF-8 strings to functions like pango_itemize.
Credit: josh@bress.net
Affected Software | Affected Version | How to fix |
---|---|---|
Gnome Pango | >=1.42.0 <=1.44 | |
Oracle SD-WAN Edge | =7.3 | |
Oracle SD-WAN Edge | =8.0 | |
Oracle SD-WAN Edge | =8.1 | |
Oracle SD-WAN Edge | =8.2 | |
Fedoraproject Fedora | =29 | |
Fedoraproject Fedora | =30 | |
Debian Debian Linux | =10.0 | |
Canonical Ubuntu Linux | =19.04 | |
Redhat Openshift Container Platform | =3.11 | |
Redhat Openshift Container Platform | =4.1 | |
Redhat Enterprise Linux | =8.0 | |
Redhat Enterprise Linux Desktop | =7.0 | |
Redhat Enterprise Linux Eus | =7.4 | |
Redhat Enterprise Linux Eus | =7.6 | |
Redhat Enterprise Linux Eus | =8.1 | |
Redhat Enterprise Linux Eus | =8.2 | |
Redhat Enterprise Linux Eus | =8.4 | |
Redhat Enterprise Linux Server | =7.0 | |
Redhat Enterprise Linux Server Aus | =7.6 | |
Redhat Enterprise Linux Server Aus | =7.7 | |
Redhat Enterprise Linux Server Aus | =8.2 | |
Redhat Enterprise Linux Server Aus | =8.4 | |
Redhat Enterprise Linux Server Tus | =7.6 | |
Redhat Enterprise Linux Server Tus | =7.7 | |
Redhat Enterprise Linux Server Tus | =8.2 | |
Redhat Enterprise Linux Server Tus | =8.4 | |
Redhat Enterprise Linux Workstation | =7.0 | |
ubuntu/pango1.0 | <1.42.4-6ubuntu0.1 | 1.42.4-6ubuntu0.1 |
debian/pango1.0 | 1.46.2-3 1.50.12+ds-1 1.54.0+ds-1 |
The vulnerability ID is CVE-2019-1010238.
The severity of CVE-2019-1010238 is critical with a severity value of 9.8.
The impact of CVE-2019-1010238 is a heap-based buffer overflow that can be used to get code execution.
Gnome Pango 1.42 and later, Oracle SD-WAN Edge, Fedoraproject Fedora, Debian Debian Linux, Canonical Ubuntu Linux, Redhat Openshift Container Platform, Redhat Enterprise Linux, and Redhat Enterprise Linux Server are affected by CVE-2019-1010238.
To fix CVE-2019-1010238, update the affected software to version 1.42.4-6ubuntu0.1 or apply the recommended patches.