Unrated severity · NVD Advisory · Published Jun 16, 2012 · Updated Apr 29, 2026
CVE-2011-3193
Description
Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
Affected products (16)
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:6.1:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Patches
No patches discovered yet.
References (28)
- cgit.freedesktop.org/harfbuzz.old/commit/ · nvd · Patch · Third Party Advisory
- cgit.freedesktop.org/harfbuzz/commit/src/harfbuzz-gpos.c · nvd · Patch · Third Party Advisory
- git.gnome.org/browse/pango/commit/pango/opentype/harfbuzz-gpos.c · nvd · Patch · Vendor Advisory
- lists.opensuse.org/opensuse-updates/2011-10/msg00007.html · nvd · Mailing List · Third Party Advisory
- lists.opensuse.org/opensuse-updates/2011-10/msg00008.html · nvd · Mailing List · Third Party Advisory
- rhn.redhat.com/errata/RHSA-2011-1323.html · nvd · Third Party Advisory
- rhn.redhat.com/errata/RHSA-2011-1324.html · nvd · Third Party Advisory
- rhn.redhat.com/errata/RHSA-2011-1325.html · nvd · Third Party Advisory
- rhn.redhat.com/errata/RHSA-2011-1326.html · nvd · Third Party Advisory
- rhn.redhat.com/errata/RHSA-2011-1327.html · nvd · Third Party Advisory
- rhn.redhat.com/errata/RHSA-2011-1328.html · nvd · Third Party Advisory
- secunia.com/advisories/41537 · nvd · Third Party Advisory
- secunia.com/advisories/46117 · nvd · Third Party Advisory
- secunia.com/advisories/46118 · nvd · Third Party Advisory
- secunia.com/advisories/46119 · nvd · Third Party Advisory
- secunia.com/advisories/46128 · nvd · Third Party Advisory
- secunia.com/advisories/46371 · nvd · Third Party Advisory
- secunia.com/advisories/46410 · nvd · Third Party Advisory
- secunia.com/advisories/49895 · nvd · Third Party Advisory
- www.openwall.com/lists/oss-security/2011/08/22/6 · nvd · Mailing List · Third Party Advisory
- www.openwall.com/lists/oss-security/2011/08/24/8 · nvd · Mailing List · Third Party Advisory
- www.openwall.com/lists/oss-security/2011/08/25/1 · nvd · Mailing List · Third Party Advisory
- www.securityfocus.com/bid/49723 · nvd · Third Party Advisory · VDB Entry
- www.ubuntu.com/usn/USN-1504-1 · nvd · Third Party Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/69991 · nvd · Third Party Advisory · VDB Entry
- www.osvdb.org/75652 · nvd · Broken Link
- hermes.opensuse.org/messages/12056605 · nvd · Broken Link
- qt.gitorious.org/qt/qt/commit/9ae6f2f9a57f0c3096d5785913e437953fa6775c · nvd · Broken Link
News mentions
No linked articles in our index yet.