CVE-2011-0064

N/A Unknown
Published: March 07, 2011 Modified: April 29, 2026

Description

The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index.

References to Advisories, Solutions, and Tools

http://secunia.com/advisories/43559
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/43572
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/43578
Source: cve@mitre.org
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0543
Source: cve@mitre.org
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0555
Source: cve@mitre.org
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0558
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/43559
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/43572
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/43578
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/43800
Source: af854a3a-2127-422b-91ae-364da2661108
http://securitytracker.com/id?1025145
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.debian.org/security/2011/dsa-2178
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.mandriva.com/security/advisories?name=MDVSA-2011:040
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.redhat.com/support/errata/RHSA-2011-0309.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/bid/46632
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.ubuntu.com/usn/USN-1082-1
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2011/0543
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0555
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0558
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0584
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2011/0683
Source: af854a3a-2127-422b-91ae-364da2661108
https://bugzilla.mozilla.org/show_bug.cgi?id=606997
Source: af854a3a-2127-422b-91ae-364da2661108
https://bugzilla.novell.com/show_bug.cgi?id=672502
Source: af854a3a-2127-422b-91ae-364da2661108
https://bugzilla.redhat.com/show_bug.cgi?id=678563
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
https://build.opensuse.org/request/show/63070
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/65770
Source: af854a3a-2127-422b-91ae-364da2661108

46 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
3.3%
87th percentile
Exploitation Status
Not in CISA KEV

Affected Vendors

mozilla, gnome