CVE 2011-0064
The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index.
Related bugs and status
CVE-2011-0064 (Candidate) is related to these bugs:
Bug #696616: Heap corruption in font parsing with FreeType2 backend
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 696616 | Heap corruption in font parsing with FreeType2 backend | pango1.0 (Ubuntu) | Medium | Fix Released | ||
| 696616 | Heap corruption in font parsing with FreeType2 backend | Pango | Medium | Fix Released | ||
| 696616 | Heap corruption in font parsing with FreeType2 backend | pango1.0 (Debian) | Unknown | Fix Released | ||
| 696616 | Heap corruption in font parsing with FreeType2 backend | pango1.0 (Ubuntu Maverick) | Undecided | Fix Released | ||
| 696616 | Heap corruption in font parsing with FreeType2 backend | pango1.0 (Ubuntu Natty) | Medium | Fix Released | ||
Bug #700198: CVE-2009-0793
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 700198 | CVE-2009-0793 | lcms (Ubuntu) | Undecided | Fix Released | ||
| 700198 | CVE-2009-0793 | openjdk-6 (Ubuntu) | Low | Fix Released | ||
| 700198 | CVE-2009-0793 | openjdk-6b18 (Ubuntu) | Low | Fix Released | ||
| 700198 | CVE-2009-0793 | gimp (Ubuntu) | Undecided | Invalid | ||
| 700198 | CVE-2009-0793 | ia32-libs (Ubuntu) | Low | Fix Released | ||
| 700198 | CVE-2009-0793 | gimp (Ubuntu Hardy) | Undecided | Invalid | ||
| 700198 | CVE-2009-0793 | ia32-libs (Ubuntu Hardy) | Low | Fix Released | ||
| 700198 | CVE-2009-0793 | lcms (Ubuntu Hardy) | Low | Fix Released | ||
| 700198 | CVE-2009-0793 | openjdk-6 (Ubuntu Hardy) | Low | Fix Released | ||
| 700198 | CVE-2009-0793 | openjdk-6b18 (Ubuntu Hardy) | Undecided | Invalid | ||
| 700198 | CVE-2009-0793 | gimp (Ubuntu Karmic) | Undecided | Invalid | ||
| 700198 | CVE-2009-0793 | ia32-libs (Ubuntu Karmic) | Low | Fix Released | ||
| 700198 | CVE-2009-0793 | lcms (Ubuntu Karmic) | Low | Fix Released | ||
| 700198 | CVE-2009-0793 | openjdk-6 (Ubuntu Karmic) | Undecided | Fix Released | ||
| 700198 | CVE-2009-0793 | openjdk-6b18 (Ubuntu Karmic) | Undecided | Invalid | ||
| 700198 | CVE-2009-0793 | gimp (Ubuntu Lucid) | Undecided | Invalid | ||
| 700198 | CVE-2009-0793 | ia32-libs (Ubuntu Lucid) | Low | Fix Released | ||
| 700198 | CVE-2009-0793 | lcms (Ubuntu Lucid) | Low | Fix Released | ||
| 700198 | CVE-2009-0793 | openjdk-6 (Ubuntu Lucid) | Undecided | Fix Released | ||
| 700198 | CVE-2009-0793 | openjdk-6b18 (Ubuntu Lucid) | Low | Fix Released | ||
| 700198 | CVE-2009-0793 | gimp (Ubuntu Maverick) | Undecided | Invalid | ||
| 700198 | CVE-2009-0793 | ia32-libs (Ubuntu Maverick) | Low | Fix Released | ||
| 700198 | CVE-2009-0793 | lcms (Ubuntu Maverick) | Low | Fix Released | ||
| 700198 | CVE-2009-0793 | openjdk-6 (Ubuntu Maverick) | Low | Fix Released | ||
| 700198 | CVE-2009-0793 | openjdk-6b18 (Ubuntu Maverick) | Low | Fix Released | ||
| 700198 | CVE-2009-0793 | gimp (Ubuntu Natty) | Undecided | Invalid | ||
| 700198 | CVE-2009-0793 | ia32-libs (Ubuntu Natty) | Low | Fix Released | ||
| 700198 | CVE-2009-0793 | lcms (Ubuntu Natty) | Undecided | Fix Released | ||
| 700198 | CVE-2009-0793 | openjdk-6 (Ubuntu Natty) | Low | Fix Released | ||
| 700198 | CVE-2009-0793 | openjdk-6b18 (Ubuntu Natty) | Low | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
