Attacker Value
Unknown
CVE-2019-1010238
CVE-2019-1010238
(Last updated November 08, 2023) ▾
MITRE ATT&CK
Log in to add MITRE ATT&CK tag
Add MITRE ATT&CK tactics and techniques that apply to this CVE.
Description
Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize.
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
Data provided by the National Vulnerability Database (NVD)
Base Score:
9.8 Critical
Impact Score:
5.9
Exploitability Score:
3.9
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High
General Information
Vendors
Products
- debian linux 10.0,
- enterprise linux 8.0,
- enterprise linux desktop 7.0,
- enterprise linux eus 7.4,
- enterprise linux eus 7.6,
- enterprise linux eus 8.1,
- enterprise linux eus 8.2,
- enterprise linux eus 8.4,
- enterprise linux server 7.0,
- enterprise linux server aus 7.6,
- enterprise linux server aus 7.7,
- enterprise linux server aus 8.2,
- enterprise linux server aus 8.4,
- enterprise linux server tus 7.6,
- enterprise linux server tus 7.7,
- enterprise linux server tus 8.2,
- enterprise linux server tus 8.4,
- enterprise linux workstation 7.0,
- fedora 29,
- fedora 30,
- openshift container platform 3.11,
- openshift container platform 4.1,
- pango,
- sd-wan edge 7.3,
- sd-wan edge 8.0,
- sd-wan edge 8.1,
- sd-wan edge 8.2,
- ubuntu linux 19.04
