CVE-2011-3193

Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.

Published: Jun 16, 2012
Updated: Apr 13, 2023
CVE: CVE-2011-3193
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
qt / qt	-	4.7.4
gnome / pango	-	1.25.1
canonical / ubuntu_linux	11.04	11.04.x
canonical / ubuntu_linux	10.04	10.04.x
redhat / enterprise_linux_server	5.0	5.0.x
redhat / enterprise_linux_workstation	5.0	5.0.x
redhat / enterprise_linux_desktop	6.0	6.0.x
redhat / enterprise_linux_server	6.0	6.0.x
redhat / enterprise_linux_workstation	6.0	6.0.x
redhat / enterprise_linux_desktop	4.0	4.0.x
redhat / enterprise_linux_desktop	5.0	5.0.x
redhat / enterprise_linux_server	4.0	4.0.x
redhat / enterprise_linux_workstation	4.0	4.0.x
redhat / enterprise_linux_eus	6.1	6.1.x
opensuse / opensuse	11.4	11.4.x
opensuse / opensuse	11.3	11.3.x

Vulnerability Database

289,697

CVE-2011-3193