CVE-2018-15120
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2018-15120
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-15120.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2018-15120
- Related
- Published
- 2018-08-24T19:29:01Z
- Modified
- 2024-08-01T08:42:13.794730Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences.
- References
-
- https://security.gentoo.org/glsa/201811-07
- https://www.exploit-db.com/exploits/45263
- https://www.exploit-db.com/exploits/45263/
- http://52.117.224.77/xfce4-pdos.webm
- https://www.ign.com/articles/2018/10/16/ps4s-are-reportedly-being-bricked-and-sony-is-working-on-a-fix
- https://github.com/GNOME/pango/commit/71aaeaf020340412b8d012fe23a556c0420eda5f
- https://mail.gnome.org/archives/distributor-list/2018-August/msg00001.html
- https://github.com/GNOME/pango/blob/1.42.4/NEWS
- https://i.redd.it/v7p4n2ptu0s11.jpg
- https://usn.ubuntu.com/3750-1/
- https://www.reddit.com/r/PS4/comments/9o5efg/message_bricking_console_megathread/
- https://security.alpinelinux.org/vuln/CVE-2018-15120
- https://security-tracker.debian.org/tracker/CVE-2018-15120
Affected packages
Alpine:v3.7 / pango
Package
- Name
- pango
- Purl
- pkg:apk/alpine/pango?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.40.14-r1
Affected versions
1.*
1.24.0-r0
1.24.1-r0
1.24.2-r0
1.24.4-r0
1.24.5-r0
1.26.0-r0
1.26.1-r0
1.26.2-r0
1.26.2-r1
1.28.0-r0
1.28.0-r1
1.28.1-r0
1.28.1-r1
1.28.1-r2
1.28.3-r0
1.28.3-r1
1.28.4-r0
1.28.4-r1
1.28.4-r2
1.28.4-r3
1.28.4-r4
1.28.4-r5
1.29.4-r0
1.29.4-r1
1.30.0-r0
1.30.1-r0
1.32.1-r0
1.32.1-r1
1.32.1-r2
1.32.2-r0
1.32.4-r0
1.32.5-r0
1.34.0-r0
1.34.1-r0
1.35.2-r0
1.36.0-r0
1.36.1-r0
1.36.2-r0
1.36.3-r0
1.36.5-r0
1.36.6-r0
1.36.8-r0
1.36.8-r1
1.36.8-r2
1.38.1-r0
1.39.0-r0
1.40.1-r0
1.40.1-r1
1.40.2-r0
1.40.3-r0
1.40.5-r0
1.40.6-r0
1.40.11-r0
1.40.12-r0
1.40.13-r0
1.40.14-r0
Alpine:v3.8 / pango
Package
- Name
- pango
- Purl
- pkg:apk/alpine/pango?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.40.14-r1
Affected versions
1.*
1.24.0-r0
1.24.1-r0
1.24.2-r0
1.24.4-r0
1.24.5-r0
1.26.0-r0
1.26.1-r0
1.26.2-r0
1.26.2-r1
1.28.0-r0
1.28.0-r1
1.28.1-r0
1.28.1-r1
1.28.1-r2
1.28.3-r0
1.28.3-r1
1.28.4-r0
1.28.4-r1
1.28.4-r2
1.28.4-r3
1.28.4-r4
1.28.4-r5
1.29.4-r0
1.29.4-r1
1.30.0-r0
1.30.1-r0
1.32.1-r0
1.32.1-r1
1.32.1-r2
1.32.2-r0
1.32.4-r0
1.32.5-r0
1.34.0-r0
1.34.1-r0
1.35.2-r0
1.36.0-r0
1.36.1-r0
1.36.2-r0
1.36.3-r0
1.36.5-r0
1.36.6-r0
1.36.8-r0
1.36.8-r1
1.36.8-r2
1.38.1-r0
1.39.0-r0
1.40.1-r0
1.40.1-r1
1.40.2-r0
1.40.3-r0
1.40.5-r0
1.40.6-r0
1.40.11-r0
1.40.12-r0
1.40.13-r0
1.40.14-r0
Debian:11 / pango1.0
Package
- Name
- pango1.0
- Purl
- pkg:deb/debian/pango1.0?arch=source
Debian:12 / pango1.0
Package
- Name
- pango1.0
- Purl
- pkg:deb/debian/pango1.0?arch=source
Debian:13 / pango1.0
Package
- Name
- pango1.0
- Purl
- pkg:deb/debian/pango1.0?arch=source
Git / github.com/gnome/pango
Affected ranges
- Type
- GIT
- Repo
- https://github.com/gnome/pango
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
1.*
1.23.0
1.24.0
1.24.1
1.24.2
1.24.3
1.24.4
1.24.5
1.25.1
1.25.2
1.25.3
1.25.4
1.25.5
1.25.6
1.26.0
1.26.1
1.26.2
1.27.1
1.29.1
1.29.3
1.29.5
1.30.0
1.30.1
1.31.0
1.31.1
1.31.2
1.32.0
1.32.1
1.32.2
1.32.3
1.32.4
1.32.5
1.32.6
1.33.7
1.33.8
1.33.9
1.34.0
1.34.1
1.35.0
1.35.2
1.35.3
1.35.6
1.36.0
1.36.1
1.36.2
1.36.3
1.36.4
1.36.5
1.36.6
1.36.7
1.36.8
1.37.0
1.37.1
1.37.2
1.37.3
1.37.4
1.37.5
1.38.0
1.38.1
1.39.0
1.40.0
1.40.1
1.40.10
1.40.11
1.40.12
1.40.13
1.40.14
1.40.2
1.40.3
1.40.4
1.40.5
1.40.6
1.40.7
1.40.8
1.40.9
1.41.0
1.41.1
1.42.0
1.42.1
1.42.2
1.42.3
Other
GTK_ALL_1_3_6
PANGO_0_12
PANGO_0_13
PANGO_0_14
PANGO_0_15
PANGO_0_16
PANGO_0_17
PANGO_0_18
PANGO_0_19
PANGO_0_20
PANGO_0_21
PANGO_0_22
PANGO_0_23
PANGO_0_24
PANGO_0_25
PANGO_0_26
PANGO_1_0_0
PANGO_1_0_0_RC1
PANGO_1_0_0_RC2
PANGO_1_0_1
PANGO_1_10_0
PANGO_1_11_0
PANGO_1_11_1
PANGO_1_11_3
PANGO_1_11_4
PANGO_1_11_5
PANGO_1_11_6
PANGO_1_11_99
PANGO_1_12_0
PANGO_1_13_0
PANGO_1_13_1
PANGO_1_13_2
PANGO_1_13_3
PANGO_1_13_4
PANGO_1_13_5
PANGO_1_14_0
PANGO_1_14_10
PANGO_1_15_0
PANGO_1_15_1
PANGO_1_15_2
PANGO_1_15_3
PANGO_1_15_4
PANGO_1_15_5
PANGO_1_15_6
PANGO_1_16_0
PANGO_1_16_1
PANGO_1_16_2
PANGO_1_16_3
PANGO_1_16_4
PANGO_1_16_5
PANGO_1_17_0
PANGO_1_17_1
PANGO_1_17_2
PANGO_1_17_3
PANGO_1_18_0
PANGO_1_18_1
PANGO_1_18_2
PANGO_1_18_3
PANGO_1_18_4
PANGO_1_19_1
PANGO_1_19_2
PANGO_1_19_3
PANGO_1_19_4
PANGO_1_1_0
PANGO_1_1_1
PANGO_1_1_2
PANGO_1_1_3
PANGO_1_1_5
PANGO_1_20_0
PANGO_1_20_1
PANGO_1_20_2
PANGO_1_20_3
PANGO_1_20_4
PANGO_1_20_5
PANGO_1_21_0
PANGO_1_21_1
PANGO_1_21_2
PANGO_1_21_3
PANGO_1_21_5
PANGO_1_21_6
PANGO_1_22_0
PANGO_1_22_2
PANGO_1_22_3
PANGO_1_22_4
PANGO_1_23_0
PANGO_1_2_0
PANGO_1_3_0
PANGO_1_3_1
PANGO_1_3_2
PANGO_1_3_3
PANGO_1_3_5
PANGO_1_3_6
PANGO_1_4_0
PANGO_1_5_0
PANGO_1_5_1
PANGO_1_5_2
PANGO_1_6_0
PANGO_1_7_0
PANGO_1_8_0
PANGO_1_9_0
PANGO_1_9_1
pango-1-0-branchpoint
pango-1-12-branchpoint
pango-1-2-branchpoint
pango-1-4-branchpoint
pango-1-6-branchpoint
start
vertical-branch-point