Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-3193

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2011-3193
Last Modified 07 Feb 2013 12:00:00
Published 15 Jun 2012 08:55:03
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-3193

Summary

Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.

Vulnerable Systems

Application

  • Digia Qt 4.0.0

  • Digia Qt 4.0.1

  • Digia Qt 4.1.0

  • Digia Qt 4.1.1

  • Digia Qt 4.1.2

  • Digia Qt 4.1.3

  • Digia Qt 4.1.4

  • Digia Qt 4.1.5

  • Digia Qt 4.2.0

  • Digia Qt 4.2.1

  • Digia Qt 4.2.3

  • Digia Qt 4.3.0

  • Digia Qt 4.3.1

  • Digia Qt 4.3.2

  • Digia Qt 4.3.3

  • Digia Qt 4.3.4

  • Digia Qt 4.3.5

  • Digia Qt 4.4.0

  • Digia Qt 4.4.1

  • Digia Qt 4.4.2

  • Digia Qt 4.4.3

  • Digia Qt 4.5.0

  • Digia Qt 4.5.1

  • Digia Qt 4.5.2

  • Digia Qt 4.5.3

  • Digia Qt 4.6.0

  • Digia Qt 4.6.1

  • Digia Qt 4.6.2

  • Digia Qt 4.6.3

  • Digia Qt 4.6.4

  • Digia Qt 4.7.0

  • Digia Qt 4.7.1

  • Digia Qt 4.7.2

  • Digia Qt 4.7.3

  • Nokia Qt 4.6.0

  • Nokia Qt 4.6.1

  • Nokia Qt 4.6.2

  • Nokia Qt 4.6.3

  • Nokia Qt 4.6.4

  • Nokia Qt 4.7.0

  • Nokia Qt 4.7.1

  • Nokia Qt 4.7.2

  • Nokia Qt 4.7.3

  • Pango -

  • Qt 4.5.1

  • Qt 4.5.2

  • Qt 4.5.3

  • Qt 4.6.0

  • Qt 4.6.1

  • Qt 4.6.2

  • Qt 4.6.3

  • Qt 4.7.0

  • Qt 4.7.1

  • Qt 4.7.2

  • Qt 4.7.3


References

CONFIRM - https://qt.gitorious.org/qt/qt/commit/9ae6f2f9a57f0c3096d5785913e437953fa6775c

SUSE - SUSE-SU-2011:1113

XF - pango-harfbuzz-bo(69991)

BID - 49723

OSVDB - 75652

MLIST - [oss-security] 20120825 Re: CVE request: libqt4: two memory issues

MLIST - [oss-security] 20120824 Re: CVE request: libqt4: two memory issues

MLIST - [oss-security] 20120822 CVE request: libqt4: two memory issues

SECUNIA - 46410

SECUNIA - 46371

SECUNIA - 46128

SECUNIA - 46119

SECUNIA - 46118

SECUNIA - 46117

SECUNIA - 41537

REDHAT - RHSA-2011:1328

REDHAT - RHSA-2011:1327

REDHAT - RHSA-2011:1326

REDHAT - RHSA-2011:1325

REDHAT - RHSA-2011:1324

REDHAT - RHSA-2011:1323

SUSE - openSUSE-SU-2011:1120

SUSE - openSUSE-SU-2011:1119

MISC - http://git.gnome.org/browse/pango/commit/pango/opentype/harfbuzz-gpos.c?id=a7a715480db66148b1f487528887508a7991dcd0

MISC - http://cgit.freedesktop.org/harfbuzz/commit/src/harfbuzz-gpos.c?id=da2c52abcd75d46929b34cad55c4fb2c8892bc08

CONFIRM - http://cgit.freedesktop.org/harfbuzz.old/commit/?id=81c8ef785b079980ad5b46be4fe7c7bf156dbf65

UBUNTU - USN-1504-1

SECUNIA - 49895

Related Patches

Novell SUSE 2011:5131 libQtWebKit-devel security update for SLE 11 SP1 i586


Last Updated: 27 May 2016 10:58:32