CVE-2011-3193 Detail

CVE-2011-3193

CVE Descriptions

Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.

CVE Informations

Related Weaknesses

CWE-ID	Weakness Name	Source
CWE-787	Out-of-bounds Write The product writes data past the end, or before the beginning, of the intended buffer.

Metrics

Metrics	Score	Severity	CVSS Vector	Source
V2	9.3		AV:N/AC:M/Au:N/C:C/I:C/A:C	[email protected]

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

EPSS First.org

Products Mentioned

Configuraton 0

Gnome>>Pango >> Version To (excluding) 1.25.1

Gnome>>Pango >> Version 1.0.0 (Open CPE detail)
Gnome>>Pango >> Version 1.0.0 (Open CPE detail)
Gnome>>Pango >> Version 1.0.0 (Open CPE detail)
Gnome>>Pango >> Version 1.0.1 (Open CPE detail)
Gnome>>Pango >> Version 1.0.2 (Open CPE detail)
Gnome>>Pango >> Version 1.0.3 (Open CPE detail)
Gnome>>Pango >> Version 1.0.4 (Open CPE detail)
Gnome>>Pango >> Version 1.0.5 (Open CPE detail)
Gnome>>Pango >> Version 1.1.0 (Open CPE detail)
Gnome>>Pango >> Version 1.1.1 (Open CPE detail)
Gnome>>Pango >> Version 1.1.2 (Open CPE detail)
Gnome>>Pango >> Version 1.1.3 (Open CPE detail)
Gnome>>Pango >> Version 1.1.5 (Open CPE detail)
Gnome>>Pango >> Version 1.2.0 (Open CPE detail)
Gnome>>Pango >> Version 1.2.1 (Open CPE detail)
Gnome>>Pango >> Version 1.2.2 (Open CPE detail)
Gnome>>Pango >> Version 1.2.3 (Open CPE detail)
Gnome>>Pango >> Version 1.2.4 (Open CPE detail)
Gnome>>Pango >> Version 1.3.0 (Open CPE detail)
Gnome>>Pango >> Version 1.3.1 (Open CPE detail)
Gnome>>Pango >> Version 1.3.2 (Open CPE detail)
Gnome>>Pango >> Version 1.3.3 (Open CPE detail)
Gnome>>Pango >> Version 1.3.5 (Open CPE detail)
Gnome>>Pango >> Version 1.3.6 (Open CPE detail)
Gnome>>Pango >> Version 1.4.0 (Open CPE detail)
Gnome>>Pango >> Version 1.4.1 (Open CPE detail)
Gnome>>Pango >> Version 1.5.0 (Open CPE detail)
Gnome>>Pango >> Version 1.5.1 (Open CPE detail)
Gnome>>Pango >> Version 1.5.2 (Open CPE detail)
Gnome>>Pango >> Version 1.6.0 (Open CPE detail)
Gnome>>Pango >> Version 1.7.0 (Open CPE detail)
Gnome>>Pango >> Version 1.8.0 (Open CPE detail)
Gnome>>Pango >> Version 1.8.1 (Open CPE detail)
Gnome>>Pango >> Version 1.8.2 (Open CPE detail)
Gnome>>Pango >> Version 1.9.0 (Open CPE detail)
Gnome>>Pango >> Version 1.9.1 (Open CPE detail)
Gnome>>Pango >> Version 1.10.0 (Open CPE detail)
Gnome>>Pango >> Version 1.10.1 (Open CPE detail)
Gnome>>Pango >> Version 1.10.2 (Open CPE detail)
Gnome>>Pango >> Version 1.10.3 (Open CPE detail)
Gnome>>Pango >> Version 1.10.4 (Open CPE detail)
Gnome>>Pango >> Version 1.11.0 (Open CPE detail)
Gnome>>Pango >> Version 1.11.1 (Open CPE detail)
Gnome>>Pango >> Version 1.11.3 (Open CPE detail)
Gnome>>Pango >> Version 1.11.4 (Open CPE detail)
Gnome>>Pango >> Version 1.11.5 (Open CPE detail)
Gnome>>Pango >> Version 1.11.6 (Open CPE detail)
Gnome>>Pango >> Version 1.11.99 (Open CPE detail)
Gnome>>Pango >> Version 1.12.0 (Open CPE detail)
Gnome>>Pango >> Version 1.12.1 (Open CPE detail)
Gnome>>Pango >> Version 1.12.2 (Open CPE detail)
Gnome>>Pango >> Version 1.12.3 (Open CPE detail)
Gnome>>Pango >> Version 1.12.4 (Open CPE detail)
Gnome>>Pango >> Version 1.13.0 (Open CPE detail)
Gnome>>Pango >> Version 1.13.1 (Open CPE detail)
Gnome>>Pango >> Version 1.13.2 (Open CPE detail)
Gnome>>Pango >> Version 1.13.3 (Open CPE detail)
Gnome>>Pango >> Version 1.13.4 (Open CPE detail)
Gnome>>Pango >> Version 1.13.5 (Open CPE detail)
Gnome>>Pango >> Version 1.14.0 (Open CPE detail)
Gnome>>Pango >> Version 1.14.1 (Open CPE detail)
Gnome>>Pango >> Version 1.14.2 (Open CPE detail)
Gnome>>Pango >> Version 1.14.3 (Open CPE detail)
Gnome>>Pango >> Version 1.14.4 (Open CPE detail)
Gnome>>Pango >> Version 1.14.5 (Open CPE detail)
Gnome>>Pango >> Version 1.14.6 (Open CPE detail)
Gnome>>Pango >> Version 1.14.7 (Open CPE detail)
Gnome>>Pango >> Version 1.14.8 (Open CPE detail)
Gnome>>Pango >> Version 1.14.9 (Open CPE detail)
Gnome>>Pango >> Version 1.14.10 (Open CPE detail)
Gnome>>Pango >> Version 1.15.0 (Open CPE detail)
Gnome>>Pango >> Version 1.15.1 (Open CPE detail)
Gnome>>Pango >> Version 1.15.2 (Open CPE detail)
Gnome>>Pango >> Version 1.15.3 (Open CPE detail)
Gnome>>Pango >> Version 1.15.4 (Open CPE detail)
Gnome>>Pango >> Version 1.15.5 (Open CPE detail)
Gnome>>Pango >> Version 1.15.6 (Open CPE detail)
Gnome>>Pango >> Version 1.16.0 (Open CPE detail)
Gnome>>Pango >> Version 1.16.1 (Open CPE detail)
Gnome>>Pango >> Version 1.16.2 (Open CPE detail)
Gnome>>Pango >> Version 1.16.3 (Open CPE detail)
Gnome>>Pango >> Version 1.16.4 (Open CPE detail)
Gnome>>Pango >> Version 1.16.5 (Open CPE detail)
Gnome>>Pango >> Version 1.17.0 (Open CPE detail)
Gnome>>Pango >> Version 1.17.1 (Open CPE detail)
Gnome>>Pango >> Version 1.17.2 (Open CPE detail)
Gnome>>Pango >> Version 1.17.3 (Open CPE detail)
Gnome>>Pango >> Version 1.17.5 (Open CPE detail)
Gnome>>Pango >> Version 1.18.0 (Open CPE detail)
Gnome>>Pango >> Version 1.18.1 (Open CPE detail)
Gnome>>Pango >> Version 1.18.2 (Open CPE detail)
Gnome>>Pango >> Version 1.18.3 (Open CPE detail)
Gnome>>Pango >> Version 1.18.4 (Open CPE detail)
Gnome>>Pango >> Version 1.19.1 (Open CPE detail)
Gnome>>Pango >> Version 1.19.2 (Open CPE detail)
Gnome>>Pango >> Version 1.19.3 (Open CPE detail)
Gnome>>Pango >> Version 1.19.4 (Open CPE detail)
Gnome>>Pango >> Version 1.20.0 (Open CPE detail)
Gnome>>Pango >> Version 1.20.1 (Open CPE detail)
Gnome>>Pango >> Version 1.20.2 (Open CPE detail)
Gnome>>Pango >> Version 1.20.3 (Open CPE detail)
Gnome>>Pango >> Version 1.20.4 (Open CPE detail)
Gnome>>Pango >> Version 1.20.5 (Open CPE detail)
Gnome>>Pango >> Version 1.21.0 (Open CPE detail)
Gnome>>Pango >> Version 1.21.1 (Open CPE detail)
Gnome>>Pango >> Version 1.21.2 (Open CPE detail)
Gnome>>Pango >> Version 1.21.3 (Open CPE detail)
Gnome>>Pango >> Version 1.21.5 (Open CPE detail)
Gnome>>Pango >> Version 1.21.6 (Open CPE detail)
Gnome>>Pango >> Version 1.22.0 (Open CPE detail)
Gnome>>Pango >> Version 1.22.2 (Open CPE detail)
Gnome>>Pango >> Version 1.22.3 (Open CPE detail)
Gnome>>Pango >> Version 1.22.4 (Open CPE detail)
Gnome>>Pango >> Version 1.23.0 (Open CPE detail)
Gnome>>Pango >> Version 1.24.0 (Open CPE detail)
Gnome>>Pango >> Version 1.24.1 (Open CPE detail)
Gnome>>Pango >> Version 1.24.2 (Open CPE detail)
Gnome>>Pango >> Version 1.24.3 (Open CPE detail)
Gnome>>Pango >> Version 1.24.4 (Open CPE detail)
Gnome>>Pango >> Version 1.24.5 (Open CPE detail)

Qt>>Qt >> Version To (excluding) 4.7.4

Qt>>Qt >> Version 1.41 (Open CPE detail)
Qt>>Qt >> Version 1.42 (Open CPE detail)
Qt>>Qt >> Version 1.43 (Open CPE detail)
Qt>>Qt >> Version 1.44 (Open CPE detail)
Qt>>Qt >> Version 1.45 (Open CPE detail)
Qt>>Qt >> Version 2.00 (Open CPE detail)
Qt>>Qt >> Version 2.0.0 (Open CPE detail)
Qt>>Qt >> Version 2.0.1 (Open CPE detail)
Qt>>Qt >> Version 2.0.2 (Open CPE detail)
Qt>>Qt >> Version 2.1.0 (Open CPE detail)
Qt>>Qt >> Version 2.1.1 (Open CPE detail)
Qt>>Qt >> Version 2.2.0 (Open CPE detail)
Qt>>Qt >> Version 2.2.1 (Open CPE detail)
Qt>>Qt >> Version 2.2.2 (Open CPE detail)
Qt>>Qt >> Version 2.2.3 (Open CPE detail)
Qt>>Qt >> Version 2.2.4 (Open CPE detail)
Qt>>Qt >> Version 2.3.0 (Open CPE detail)
Qt>>Qt >> Version 2.3.1 (Open CPE detail)
Qt>>Qt >> Version 2.3.2 (Open CPE detail)
Qt>>Qt >> Version 2.3.4 (Open CPE detail)
Qt>>Qt >> Version 2.3.5 (Open CPE detail)
Qt>>Qt >> Version 2.3.6 (Open CPE detail)
Qt>>Qt >> Version 2.3.7 (Open CPE detail)
Qt>>Qt >> Version 2.3.8 (Open CPE detail)
Qt>>Qt >> Version 2.3.10 (Open CPE detail)
Qt>>Qt >> Version 3.0.0 (Open CPE detail)
Qt>>Qt >> Version 3.0.1 (Open CPE detail)
Qt>>Qt >> Version 3.0.2 (Open CPE detail)
Qt>>Qt >> Version 3.0.3 (Open CPE detail)
Qt>>Qt >> Version 3.0.4 (Open CPE detail)
Qt>>Qt >> Version 3.0.4 (Open CPE detail)
Qt>>Qt >> Version 3.0.5 (Open CPE detail)
Qt>>Qt >> Version 3.0.5 (Open CPE detail)
Qt>>Qt >> Version 3.0.6 (Open CPE detail)
Qt>>Qt >> Version 3.0.6 (Open CPE detail)
Qt>>Qt >> Version 3.0.7 (Open CPE detail)
Qt>>Qt >> Version 3.0.7 (Open CPE detail)
Qt>>Qt >> Version 3.1.0 (Open CPE detail)
Qt>>Qt >> Version 3.1.1 (Open CPE detail)
Qt>>Qt >> Version 3.1.1 (Open CPE detail)
Qt>>Qt >> Version 3.1.2 (Open CPE detail)
Qt>>Qt >> Version 3.1.2 (Open CPE detail)
Qt>>Qt >> Version 3.2.0 (Open CPE detail)
Qt>>Qt >> Version 3.2.1 (Open CPE detail)
Qt>>Qt >> Version 3.2.1 (Open CPE detail)
Qt>>Qt >> Version 3.2.2 (Open CPE detail)
Qt>>Qt >> Version 3.2.2 (Open CPE detail)
Qt>>Qt >> Version 3.2.3 (Open CPE detail)
Qt>>Qt >> Version 3.2.3 (Open CPE detail)
Qt>>Qt >> Version 3.3.0 (Open CPE detail)
Qt>>Qt >> Version 3.3.1 (Open CPE detail)
Qt>>Qt >> Version 3.3.1 (Open CPE detail)
Qt>>Qt >> Version 3.3.1 (Open CPE detail)
Qt>>Qt >> Version 3.3.2 (Open CPE detail)
Qt>>Qt >> Version 3.3.2 (Open CPE detail)
Qt>>Qt >> Version 3.3.2 (Open CPE detail)
Qt>>Qt >> Version 3.3.3 (Open CPE detail)
Qt>>Qt >> Version 3.3.3 (Open CPE detail)
Qt>>Qt >> Version 3.3.3 (Open CPE detail)
Qt>>Qt >> Version 3.3.4 (Open CPE detail)
Qt>>Qt >> Version 3.3.4 (Open CPE detail)
Qt>>Qt >> Version 3.3.4 (Open CPE detail)
Qt>>Qt >> Version 3.3.5 (Open CPE detail)
Qt>>Qt >> Version 3.3.6 (Open CPE detail)
Qt>>Qt >> Version 3.3.6 (Open CPE detail)
Qt>>Qt >> Version 3.3.6 (Open CPE detail)
Qt>>Qt >> Version 3.3.7 (Open CPE detail)
Qt>>Qt >> Version 3.3.7 (Open CPE detail)
Qt>>Qt >> Version 3.3.8 (Open CPE detail)
Qt>>Qt >> Version 3.3.8 (Open CPE detail)
Qt>>Qt >> Version 3.3.8b (Open CPE detail)
Qt>>Qt >> Version 4.0.0 (Open CPE detail)
Qt>>Qt >> Version 4.0.1 (Open CPE detail)
Qt>>Qt >> Version 4.1.0 (Open CPE detail)
Qt>>Qt >> Version 4.1.1 (Open CPE detail)
Qt>>Qt >> Version 4.1.2 (Open CPE detail)
Qt>>Qt >> Version 4.1.3 (Open CPE detail)
Qt>>Qt >> Version 4.1.4 (Open CPE detail)
Qt>>Qt >> Version 4.1.5 (Open CPE detail)
Qt>>Qt >> Version 4.2.0 (Open CPE detail)
Qt>>Qt >> Version 4.2.1 (Open CPE detail)
Qt>>Qt >> Version 4.2.2 (Open CPE detail)
Qt>>Qt >> Version 4.2.3 (Open CPE detail)
Qt>>Qt >> Version 4.3.0 (Open CPE detail)
Qt>>Qt >> Version 4.3.1 (Open CPE detail)
Qt>>Qt >> Version 4.3.2 (Open CPE detail)
Qt>>Qt >> Version 4.3.3 (Open CPE detail)
Qt>>Qt >> Version 4.3.4 (Open CPE detail)
Qt>>Qt >> Version 4.3.5 (Open CPE detail)
Qt>>Qt >> Version 4.4.0 (Open CPE detail)
Qt>>Qt >> Version 4.4.1 (Open CPE detail)
Qt>>Qt >> Version 4.4.2 (Open CPE detail)
Qt>>Qt >> Version 4.4.3 (Open CPE detail)
Qt>>Qt >> Version 4.5.0 (Open CPE detail)
Qt>>Qt >> Version 4.5.1 (Open CPE detail)
Qt>>Qt >> Version 4.5.2 (Open CPE detail)
Qt>>Qt >> Version 4.5.3 (Open CPE detail)
Qt>>Qt >> Version 4.6.0 (Open CPE detail)
Qt>>Qt >> Version 4.6.0 (Open CPE detail)
Qt>>Qt >> Version 4.6.1 (Open CPE detail)
Qt>>Qt >> Version 4.6.2 (Open CPE detail)
Qt>>Qt >> Version 4.6.3 (Open CPE detail)
Qt>>Qt >> Version 4.6.4 (Open CPE detail)
Qt>>Qt >> Version 4.6.5 (Open CPE detail)
Qt>>Qt >> Version 4.6.5 (Open CPE detail)
Qt>>Qt >> Version 4.7.0 (Open CPE detail)
Qt>>Qt >> Version 4.7.1 (Open CPE detail)
Qt>>Qt >> Version 4.7.2 (Open CPE detail)
Qt>>Qt >> Version 4.7.3 (Open CPE detail)

Configuraton 0

Canonical>>Ubuntu_linux >> Version 10.04

Canonical>>Ubuntu_linux >> Version 10.04 (Open CPE detail)

Canonical>>Ubuntu_linux >> Version 11.04

Canonical>>Ubuntu_linux >> Version 11.04 (Open CPE detail)

Configuraton 0

Redhat>>Enterprise_linux_desktop >> Version 4.0

Redhat>>Enterprise_linux_desktop >> Version 4.0 (Open CPE detail)

Redhat>>Enterprise_linux_desktop >> Version 5.0

Redhat>>Enterprise_linux_desktop >> Version 5.0 (Open CPE detail)

Redhat>>Enterprise_linux_desktop >> Version 6.0

Redhat>>Enterprise_linux_desktop >> Version 6.0 (Open CPE detail)
Redhat>>Enterprise_linux_desktop >> Version 6.0 (Open CPE detail)
Redhat>>Enterprise_linux_desktop >> Version 6.0 (Open CPE detail)

Redhat>>Enterprise_linux_eus >> Version 6.1

Redhat>>Enterprise_linux_eus >> Version 6.1 (Open CPE detail)

Redhat>>Enterprise_linux_server >> Version 4.0

Redhat>>Enterprise_linux_server >> Version 4.0 (Open CPE detail)

Redhat>>Enterprise_linux_server >> Version 5.0

Redhat>>Enterprise_linux_server >> Version 5.0 (Open CPE detail)

Redhat>>Enterprise_linux_server >> Version 6.0

Redhat>>Enterprise_linux_server >> Version 6.0 (Open CPE detail)
Redhat>>Enterprise_linux_server >> Version 6.0 (Open CPE detail)
Redhat>>Enterprise_linux_server >> Version 6.0 (Open CPE detail)

Redhat>>Enterprise_linux_workstation >> Version 4.0

Redhat>>Enterprise_linux_workstation >> Version 4.0 (Open CPE detail)

Redhat>>Enterprise_linux_workstation >> Version 5.0

Redhat>>Enterprise_linux_workstation >> Version 5.0 (Open CPE detail)

Redhat>>Enterprise_linux_workstation >> Version 6.0

Redhat>>Enterprise_linux_workstation >> Version 6.0 (Open CPE detail)
Redhat>>Enterprise_linux_workstation >> Version 6.0 (Open CPE detail)
Redhat>>Enterprise_linux_workstation >> Version 6.0 (Open CPE detail)

Configuraton 0

Opensuse>>Opensuse >> Version 11.3

Opensuse>>Opensuse >> Version 11.3 (Open CPE detail)

Opensuse>>Opensuse >> Version 11.4

Opensuse>>Opensuse >> Version 11.4 (Open CPE detail)

References

http://secunia.com/advisories/46371
Tags : third-party-advisory, x_refsource_SECUNIA

http://git.gnome.org/browse/pango/commit/pango/opentype/harfbuzz-gpos.c?id=a7a715480db66148b1f487528887508a7991dcd0
Tags : x_refsource_MISC

http://www.ubuntu.com/usn/USN-1504-1
Tags : vendor-advisory, x_refsource_UBUNTU

http://www.openwall.com/lists/oss-security/2011/08/24/8
Tags : mailing-list, x_refsource_MLIST

http://lists.opensuse.org/opensuse-updates/2011-10/msg00007.html
Tags : vendor-advisory, x_refsource_SUSE

http://secunia.com/advisories/41537
Tags : third-party-advisory, x_refsource_SECUNIA

http://secunia.com/advisories/46410
Tags : third-party-advisory, x_refsource_SECUNIA

http://rhn.redhat.com/errata/RHSA-2011-1327.html
Tags : vendor-advisory, x_refsource_REDHAT

http://rhn.redhat.com/errata/RHSA-2011-1325.html
Tags : vendor-advisory, x_refsource_REDHAT

http://www.openwall.com/lists/oss-security/2011/08/22/6
Tags : mailing-list, x_refsource_MLIST

http://secunia.com/advisories/46128
Tags : third-party-advisory, x_refsource_SECUNIA

http://rhn.redhat.com/errata/RHSA-2011-1324.html
Tags : vendor-advisory, x_refsource_REDHAT

http://www.openwall.com/lists/oss-security/2011/08/25/1
Tags : mailing-list, x_refsource_MLIST

http://secunia.com/advisories/49895
Tags : third-party-advisory, x_refsource_SECUNIA

http://secunia.com/advisories/46117
Tags : third-party-advisory, x_refsource_SECUNIA

http://rhn.redhat.com/errata/RHSA-2011-1326.html
Tags : vendor-advisory, x_refsource_REDHAT

http://secunia.com/advisories/46119
Tags : third-party-advisory, x_refsource_SECUNIA

http://www.securityfocus.com/bid/49723
Tags : vdb-entry, x_refsource_BID

http://cgit.freedesktop.org/harfbuzz/commit/src/harfbuzz-gpos.c?id=da2c52abcd75d46929b34cad55c4fb2c8892bc08
Tags : x_refsource_MISC

http://rhn.redhat.com/errata/RHSA-2011-1323.html
Tags : vendor-advisory, x_refsource_REDHAT

https://hermes.opensuse.org/messages/12056605
Tags : vendor-advisory, x_refsource_SUSE

http://cgit.freedesktop.org/harfbuzz.old/commit/?id=81c8ef785b079980ad5b46be4fe7c7bf156dbf65
Tags : x_refsource_CONFIRM

http://rhn.redhat.com/errata/RHSA-2011-1328.html
Tags : vendor-advisory, x_refsource_REDHAT

https://qt.gitorious.org/qt/qt/commit/9ae6f2f9a57f0c3096d5785913e437953fa6775c
Tags : x_refsource_CONFIRM

http://www.osvdb.org/75652
Tags : vdb-entry, x_refsource_OSVDB

http://secunia.com/advisories/46118
Tags : third-party-advisory, x_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/69991
Tags : vdb-entry, x_refsource_XF

http://lists.opensuse.org/opensuse-updates/2011-10/msg00008.html
Tags : vendor-advisory, x_refsource_SUSE

CVE-2011-3193 : Detail

CVE-2011-3193

CVE Descriptions

CVE Informations

Related Weaknesses

Metrics

EPSS

EPSS Score

EPSS Percentile

Products Mentioned

Configuraton 0

Configuraton 0

Configuraton 0

Configuraton 0

References