Unrated severityNVD Advisory· Published Mar 7, 2011· Updated Jun 16, 2026
CVE-2011-0064
CVE-2011-0064
Description
The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
7- cpe:2.3:a:gnome:pango:1.28.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- osv-coords3 versions
< 0+ 2 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 1.40.3-1.1
Patches
Vulnerability mechanics
References
23- cgit.freedesktop.org/harfbuzz/commit/nvdPatch
- bugzilla.redhat.com/show_bug.cginvdPatch
- build.opensuse.org/request/show/63070nvdPatch
- secunia.com/advisories/43559nvdVendor Advisory
- secunia.com/advisories/43572nvdVendor Advisory
- secunia.com/advisories/43578nvdVendor Advisory
- www.vupen.com/english/advisories/2011/0543nvdVendor Advisory
- www.vupen.com/english/advisories/2011/0555nvdVendor Advisory
- www.vupen.com/english/advisories/2011/0558nvdVendor Advisory
- lists.fedoraproject.org/pipermail/package-announce/2011-March/056065.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.htmlnvd
- secunia.com/advisories/43800nvd
- securitytracker.com/idnvd
- www.debian.org/security/2011/dsa-2178nvd
- www.mandriva.com/security/advisoriesnvd
- www.redhat.com/support/errata/RHSA-2011-0309.htmlnvd
- www.securityfocus.com/bid/46632nvd
- www.ubuntu.com/usn/USN-1082-1nvd
- www.vupen.com/english/advisories/2011/0584nvd
- www.vupen.com/english/advisories/2011/0683nvd
- bugzilla.mozilla.org/show_bug.cginvd
- bugzilla.novell.com/show_bug.cginvd
- exchange.xforce.ibmcloud.com/vulnerabilities/65770nvd
News mentions
0No linked articles in our index yet.