Home

CVE-2019-18397

Description

A buffer overflow in the fribidi_get_par_embedding_levels_ex() function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user, when this content is then rendered by an application that uses FriBidi for text layout calculations. Examples include any GNOME or GTK+ based application that uses Pango for text layout, as this internally uses FriBidi for bidirectional text layout. For example, the attacker can construct a crafted text file to be opened in GEdit, or a crafted IRC message to be viewed in HexChat.

Risk Information

Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.807

Associated Vulnerability

VulnerabilityOS Platform
Free Implementation of the Unicode BiDi algorithm (utility) (USN-4179-1) libfribidi0_1.0.5-3.1ubuntu0.19.04.1_i386.debLinux
Free Implementation of the Unicode BiDi algorithm (utility) (USN-4179-1) libfribidi0_1.0.5-3.1ubuntu0.19.04.1_amd64.debLinux
Free Implementation of the Unicode BiDi algorithm (utility) (USN-4179-1) libfribidi0_1.0.5-3.1ubuntu0.19.10.1_i386.debLinux
Free Implementation of the Unicode BiDi algorithm (utility) (USN-4179-1) libfribidi0_1.0.5-3.1ubuntu0.19.10.1_amd64.debLinux
(RHSA-2019:4326) fribidi security update fribidi-1.0.2-1.el7_7.1.i686.rpmLinux
(RHSA-2019:4326) fribidi security update fribidi-1.0.2-1.el7_7.1.x86_64.rpmLinux
(RHSA-2019:4326) fribidi security update fribidi-devel-1.0.2-1.el7_7.1.i686.rpmLinux
(RHSA-2019:4326) fribidi security update fribidi-devel-1.0.2-1.el7_7.1.x86_64.rpmLinux
(RHSA-2019:4361) fribidi security update fribidi-1.0.4-7.el8_1.i686.rpmLinux
(RHSA-2019:4361) fribidi security update fribidi-1.0.4-7.el8_1.x86_64.rpmLinux
(RHSA-2019:4361) fribidi security update fribidi-debugsource-1.0.4-7.el8_1.i686.rpmLinux
(RHSA-2019:4361) fribidi security update fribidi-debugsource-1.0.4-7.el8_1.x86_64.rpmLinux
(RHSA-2019:4361) fribidi security update fribidi-devel-1.0.4-7.el8_1.i686.rpmLinux
(RHSA-2019:4361) fribidi security update fribidi-devel-1.0.4-7.el8_1.x86_64.rpmLinux
Fribidi update (ELSA-2019-4361) fribidi-1.0.4-7.el8_1.x86_64.rpmLinux
Fribidi-devel update (ELSA-2019-4361) fribidi-devel-1.0.4-7.el8_1.x86_64.rpmLinux
Fribidi update (ELSA-2019-4361) fribidi-1.0.4-7.el8_1.i686.rpmLinux
Fribidi-devel update (ELSA-2019-4361) fribidi-devel-1.0.4-7.el8_1.i686.rpmLinux
(CESA-2019:4361) fribidi security update fribidi-1.0.4-7.el8_1.i686.rpmLinux
(CESA-2019:4361) fribidi security update fribidi-1.0.4-7.el8_1.x86_64.rpmLinux
(CESA-2019:4361) fribidi security update fribidi-devel-1.0.4-7.el8_1.i686.rpmLinux
(CESA-2019:4361) fribidi security update fribidi-devel-1.0.4-7.el8_1.x86_64.rpmLinux
(CESA-2019:4326) fribidi security update fribidi-1.0.2-1.el7_7.1.i686.rpmLinux
(CESA-2019:4326) fribidi security update fribidi-1.0.2-1.el7_7.1.x86_64.rpmLinux
(CESA-2019:4326) fribidi security update fribidi-devel-1.0.2-1.el7_7.1.i686.rpmLinux
(CESA-2019:4326) fribidi security update fribidi-devel-1.0.2-1.el7_7.1.x86_64.rpmLinux
(RHSA-2019:4326)Important: security update fribidi-debuginfo-1.0.2-1.el7_7.1.i686.rpmLinux
(RHSA-2019:4326)Important: security update fribidi-debuginfo-1.0.2-1.el7_7.1.x86_64.rpmLinux
Buffer Copy without Checking Size of Input (Classic Buffer Overflow) Vulnerability (CVE-2019-18397)NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234