Bug 1737785 (CVE-2019-1010238) - CVE-2019-1010238 pango: pango_log2vis_get_embedding_levels() heap-based buffer overflow
Summary: CVE-2019-1010238 pango: pango_log2vis_get_embedding_levels() heap-based buffe...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2019-1010238
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1737786 1738459 1738460 1738461 1738462 1756290
Blocks: 1737787
TreeView+ depends on / blocked
 
Reported: 2019-08-06 08:41 UTC by Marian Rehak
Modified: 2023-03-24 15:10 UTC (History)
15 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A buffer overflow flaw was found in Gnome Pango. When invalid utf-8 strings are passed to functions, a heap-based buffer overflow can occur that could lead to code execution. The highest threat from this vulnerability is data confidentiality and integrity as well as system availability.
Clone Of:
Environment:
Last Closed: 2019-08-28 19:07:22 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2019:2659 0 None None None 2019-09-04 18:30:50 UTC
Red Hat Product Errata RHBA-2019:2664 0 None None None 2019-09-05 00:59:50 UTC
Red Hat Product Errata RHBA-2019:2665 0 None None None 2019-09-05 01:01:17 UTC
Red Hat Product Errata RHBA-2019:2666 0 None None None 2019-09-05 01:01:33 UTC
Red Hat Product Errata RHBA-2019:2675 0 None None None 2019-09-05 17:27:41 UTC
Red Hat Product Errata RHBA-2019:2686 0 None None None 2019-09-09 16:16:25 UTC
Red Hat Product Errata RHBA-2019:2738 0 None None None 2019-09-11 15:42:24 UTC
Red Hat Product Errata RHBA-2019:2739 0 None None None 2019-09-11 15:42:29 UTC
Red Hat Product Errata RHBA-2019:2742 0 None None None 2019-09-12 15:58:20 UTC
Red Hat Product Errata RHBA-2019:2776 0 None None None 2019-09-16 14:59:03 UTC
Red Hat Product Errata RHBA-2019:2787 0 None None None 2019-09-17 00:37:29 UTC
Red Hat Product Errata RHBA-2019:2810 0 None None None 2019-09-19 04:02:25 UTC
Red Hat Product Errata RHBA-2019:2911 0 None None None 2019-09-26 08:26:18 UTC
Red Hat Product Errata RHBA-2019:2965 0 None None None 2019-10-03 15:29:38 UTC
Red Hat Product Errata RHBA-2019:3036 0 None None None 2019-10-14 09:36:10 UTC
Red Hat Product Errata RHSA-2019:2571 0 None None None 2019-08-28 17:01:48 UTC
Red Hat Product Errata RHSA-2019:2582 0 None None None 2019-08-29 06:50:52 UTC
Red Hat Product Errata RHSA-2019:3234 0 None None None 2019-10-29 14:03:44 UTC

Description Marian Rehak 2019-08-06 08:41:00 UTC 
Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize.

External References:

https://packetstormsecurity.com/files/153838/USN-4081-1.txt
https://gitlab.gnome.org/GNOME/pango/issues/342
Comment 1 Marian Rehak 2019-08-06 08:41:11 UTC 
Created pango tracking bugs for this issue:

Affects: fedora-all [bug 1737786]
Comment 2 Stefan Cornelius 2019-08-07 04:08:18 UTC 
Patch:
https://gitlab.gnome.org/GNOME/pango/commit/490f8979a260c16b1df055eab386345da18a2d54
Comment 6 errata-xmlrpc 2019-08-28 17:01:47 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:2571 https://access.redhat.com/errata/RHSA-2019:2571
Comment 7 Product Security DevOps Team 2019-08-28 19:07:22 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-1010238
Comment 8 errata-xmlrpc 2019-08-29 06:50:51 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:2582 https://access.redhat.com/errata/RHSA-2019:2582
Comment 13 Jens Petersen 2019-09-10 04:07:31 UTC 
Anyway I requested 7.6.z now in bug 1738459 - I hope that works even though the bug is closed since we shipped the 7.7.z update.
Comment 17 errata-xmlrpc 2019-10-29 14:03:43 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Extended Update Support

Via RHSA-2019:3234 https://access.redhat.com/errata/RHSA-2019:3234
Note You need to log in before you can comment on or make changes to this bug.