CVE-2018-15120

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2018-15120
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-15120.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-15120
Downstream
Related
Published
2018-08-24T19:29:01.657Z
Modified
2026-04-11T12:27:39.273801Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences.

References

Affected packages

Git / github.com/gnome/pango

Affected ranges

Type
GIT
Repo
https://github.com/gnome/pango
Events
Introduced
0940ddc24f7301f09d945ec44360699ce30859c6
Last affected
67471cbfe24cd4418e9e97837ac85207f0d974de
Fixed
71aaeaf020340412b8d012fe23a556c0420eda5f
Database specific 
{
    "versions": [
        {
            "introduced": "1.40.8"
        },
        {
            "last_affected": "1.42.3"
        }
    ]
}

Affected versions

1.*
1.40.10
1.40.11
1.40.12
1.40.13
1.40.14
1.40.8
1.40.9
1.41.0
1.41.1
1.42.0
1.42.1
1.42.2
1.42.3

Database specific

vanir_signatures 
[
    {
        "signature_version": "v1",
        "source": "https://github.com/gnome/pango/commit/71aaeaf020340412b8d012fe23a556c0420eda5f",
        "deprecated": false,
        "id": "CVE-2018-15120-94a7ee29",
        "digest": {
            "function_hash": "280634229485122664716075277308058368326",
            "length": 1743.0
        },
        "target": {
            "function": "_pango_emoji_iter_next",
            "file": "pango/pango-emoji.c"
        },
        "signature_type": "Function"
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/gnome/pango/commit/71aaeaf020340412b8d012fe23a556c0420eda5f",
        "deprecated": false,
        "id": "CVE-2018-15120-f82f83a2",
        "digest": {
            "line_hashes": [
                "209976057711671941575069096308863010864",
                "186327902410307932406473741261747817727",
                "243903047219189923930036787420386286732",
                "45389752208727248105783279002597061461"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "pango/pango-emoji.c"
        },
        "signature_type": "Line"
    }
]
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "18.04"
            }
        ]
    }
]
vanir_signatures_modified 
"2026-04-11T12:27:39Z"
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-15120.json"