Unrated severityNVD Advisory· Published Mar 7, 2011· Updated Apr 29, 2026
CVE-2011-0064
CVE-2011-0064
Description
The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index.
Affected products
2- cpe:2.3:a:gnome:pango:1.28.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
23- cgit.freedesktop.org/harfbuzz/commit/nvdPatch
- bugzilla.redhat.com/show_bug.cginvdPatch
- build.opensuse.org/request/show/63070nvdPatch
- secunia.com/advisories/43559nvdVendor Advisory
- secunia.com/advisories/43572nvdVendor Advisory
- secunia.com/advisories/43578nvdVendor Advisory
- www.vupen.com/english/advisories/2011/0543nvdVendor Advisory
- www.vupen.com/english/advisories/2011/0555nvdVendor Advisory
- www.vupen.com/english/advisories/2011/0558nvdVendor Advisory
- lists.fedoraproject.org/pipermail/package-announce/2011-March/056065.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.htmlnvd
- secunia.com/advisories/43800nvd
- securitytracker.com/idnvd
- www.debian.org/security/2011/dsa-2178nvd
- www.mandriva.com/security/advisoriesnvd
- www.redhat.com/support/errata/RHSA-2011-0309.htmlnvd
- www.securityfocus.com/bid/46632nvd
- www.ubuntu.com/usn/USN-1082-1nvd
- www.vupen.com/english/advisories/2011/0584nvd
- www.vupen.com/english/advisories/2011/0683nvd
- bugzilla.mozilla.org/show_bug.cginvd
- bugzilla.novell.com/show_bug.cginvd
- exchange.xforce.ibmcloud.com/vulnerabilities/65770nvd
News mentions
0No linked articles in our index yet.