REDHAT-BUG-1737785: Buffer Overflow
First published: Tue Aug 06 2019(Updated: )
Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize. External References: <a href="https://packetstormsecurity.com/files/153838/USN-4081-1.txt">https://packetstormsecurity.com/files/153838/USN-4081-1.txt</a> <a href="https://gitlab.gnome.org/GNOME/pango/issues/342">https://gitlab.gnome.org/GNOME/pango/issues/342</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GNOME Pango | >=1.42 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://packetstormsecurity.com/files/153838/USN-4081-1.txt
- https://gitlab.gnome.org/GNOME/pango/issues/342
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1737786
- https://gitlab.gnome.org/GNOME/pango/commit/490f8979a260c16b1df055eab386345da18a2d54
- https://access.redhat.com/errata/RHSA-2019:2571
- https://access.redhat.com/security/cve/cve-2019-1010238
- https://access.redhat.com/errata/RHSA-2019:2582
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1738459
- https://access.redhat.com/errata/RHSA-2019:3234
- https://bugzilla.redhat.com/show_bug.cgi?id=1737785
Frequently Asked Questions
What is the severity of REDHAT-BUG-1737785?
The severity of REDHAT-BUG-1737785 is critical due to its potential for heap-based buffer overflow leading to code execution.
How do I fix REDHAT-BUG-1737785?
To fix REDHAT-BUG-1737785, it is recommended to update Gnome Pango to the latest patched version that addresses this vulnerability.
What versions of Gnome Pango are affected by REDHAT-BUG-1737785?
Gnome Pango version 1.42 and later are affected by REDHAT-BUG-1737785.
What type of vulnerability is REDHAT-BUG-1737785?
REDHAT-BUG-1737785 is classified as a buffer overflow vulnerability.
What component of Gnome Pango is affected by REDHAT-BUG-1737785?
The component affected by REDHAT-BUG-1737785 is the function pango_log2vis_get_embedding_levels.
- agent/references
- agent/last-modified-date
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2019-1010238
- agent/type
- agent/severity
- agent/weakness
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/gnome
- canonical/gnome pango