CVE-2011-0020

N/A Unknown

Published: January 24, 2011 Modified: April 29, 2026

Description

Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html

Source: secalert@redhat.com

http://openwall.com/lists/oss-security/2011/01/18/6

Source: secalert@redhat.com

Exploit

http://openwall.com/lists/oss-security/2011/01/20/2

Source: secalert@redhat.com

Exploit

http://osvdb.org/70596

Source: secalert@redhat.com

http://secunia.com/advisories/42934

Source: secalert@redhat.com

http://secunia.com/advisories/43100

Source: secalert@redhat.com

http://www.redhat.com/support/errata/RHSA-2011-0180.html

Source: secalert@redhat.com

http://www.securityfocus.com/bid/45842

Source: secalert@redhat.com

http://www.securitytracker.com/id?1024994

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2011/0186

Source: secalert@redhat.com

Vendor Advisory

http://www.vupen.com/english/advisories/2011/0238

Source: secalert@redhat.com

https://bugs.launchpad.net/ubuntu/+source/pango1.0/+bug/696616

Source: secalert@redhat.com

Exploit

https://bugzilla.gnome.org/show_bug.cgi?id=639882

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=671122

Source: secalert@redhat.com

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/64832

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://openwall.com/lists/oss-security/2011/01/18/6

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://openwall.com/lists/oss-security/2011/01/20/2

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://osvdb.org/70596

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/42934

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/43100

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2011-0180.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/45842

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1024994

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2011/0186

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.vupen.com/english/advisories/2011/0238

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.launchpad.net/ubuntu/+source/pango1.0/+bug/696616

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://bugzilla.gnome.org/show_bug.cgi?id=639882

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=671122

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/64832

Source: af854a3a-2127-422b-91ae-364da2661108

30 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

18.9%

97th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-119

Affected Vendors

pango gnome

Related CVEs

CVE-2026-40941 N/A

CVE-2026-40084 6.5

CVE-2026-40083 7.2

CVE-2026-40082 5.4

CVE-2026-40080 6.1