CVE-2018-15120

libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences.

References

Affected packages

Git / github.com/gnome/pango

Affected ranges

Type: GIT
Repo: https://github.com/gnome/pango
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

71aaeaf020340412b8d012fe23a556c0420eda5f

Affected versions

1.*

1.23.0

1.24.0

1.24.1

1.24.2

1.24.3

1.24.4

1.24.5

1.25.1

1.25.2

1.25.3

1.25.4

1.25.5

1.25.6

1.26.0

1.26.1

1.26.2

1.27.1

1.29.1

1.29.3

1.29.5

1.30.0

1.30.1

1.31.0

1.31.1

1.31.2

1.32.0

1.32.1

1.32.2

1.32.3

1.32.4

1.32.5

1.32.6

1.33.7

1.33.8

1.33.9

1.34.0

1.34.1

1.35.0

1.35.2

1.35.3

1.35.6

1.36.0

1.36.1

1.36.2

1.36.3

1.36.4

1.36.5

1.36.6

1.36.7

1.36.8

1.37.0

1.37.1

1.37.2

1.37.3

1.37.4

1.37.5

1.38.0

1.38.1

1.39.0

1.40.0

1.40.1

1.40.10

1.40.11

1.40.12

1.40.13

1.40.14

1.40.2

1.40.3

1.40.4

1.40.5

1.40.6

1.40.7

1.40.8

1.40.9

1.41.0

1.41.1

1.42.0

1.42.1

1.42.2

1.42.3

Other

GTK_ALL_1_3_6

PANGO_0_12

PANGO_0_13

PANGO_0_14

PANGO_0_15

PANGO_0_16

PANGO_0_17

PANGO_0_18

PANGO_0_19

PANGO_0_20

PANGO_0_21

PANGO_0_22

PANGO_0_23

PANGO_0_24

PANGO_0_25

PANGO_0_26

PANGO_1_0_0

PANGO_1_0_0_RC1

PANGO_1_0_0_RC2

PANGO_1_0_1

PANGO_1_10_0

PANGO_1_11_0

PANGO_1_11_1

PANGO_1_11_3

PANGO_1_11_4

PANGO_1_11_5

PANGO_1_11_6

PANGO_1_11_99

PANGO_1_12_0

PANGO_1_13_0

PANGO_1_13_1

PANGO_1_13_2

PANGO_1_13_3

PANGO_1_13_4

PANGO_1_13_5

PANGO_1_14_0

PANGO_1_14_10

PANGO_1_15_0

PANGO_1_15_1

PANGO_1_15_2

PANGO_1_15_3

PANGO_1_15_4

PANGO_1_15_5

PANGO_1_15_6

PANGO_1_16_0

PANGO_1_16_1

PANGO_1_16_2

PANGO_1_16_3

PANGO_1_16_4

PANGO_1_16_5

PANGO_1_17_0

PANGO_1_17_1

PANGO_1_17_2

PANGO_1_17_3

PANGO_1_18_0

PANGO_1_18_1

PANGO_1_18_2

PANGO_1_18_3

PANGO_1_18_4

PANGO_1_19_1

PANGO_1_19_2

PANGO_1_19_3

PANGO_1_19_4

PANGO_1_1_0

PANGO_1_1_1

PANGO_1_1_2

PANGO_1_1_3

PANGO_1_1_5

PANGO_1_20_0

PANGO_1_20_1

PANGO_1_20_2

PANGO_1_20_3

PANGO_1_20_4

PANGO_1_20_5

PANGO_1_21_0

PANGO_1_21_1

PANGO_1_21_2

PANGO_1_21_3

PANGO_1_21_5

PANGO_1_21_6

PANGO_1_22_0

PANGO_1_22_2

PANGO_1_22_3

PANGO_1_22_4

PANGO_1_23_0

PANGO_1_2_0

PANGO_1_3_0

PANGO_1_3_1

PANGO_1_3_2

PANGO_1_3_3

PANGO_1_3_5

PANGO_1_3_6

PANGO_1_4_0

PANGO_1_5_0

PANGO_1_5_1

PANGO_1_5_2

PANGO_1_6_0

PANGO_1_7_0

PANGO_1_8_0

PANGO_1_9_0

PANGO_1_9_1

pango-1-0-branchpoint

pango-1-12-branchpoint

pango-1-2-branchpoint

pango-1-4-branchpoint

pango-1-6-branchpoint

start

vertical-branch-point

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/gnome/pango/commit/71aaeaf020340412b8d012fe23a556c0420eda5f",
        "target": {
            "function": "_pango_emoji_iter_next",
            "file": "pango/pango-emoji.c"
        },
        "deprecated": false,
        "id": "CVE-2018-15120-94a7ee29",
        "signature_version": "v1",
        "digest": {
            "length": 1743.0,
            "function_hash": "280634229485122664716075277308058368326"
        },
        "signature_type": "Function"
    },
    {
        "source": "https://github.com/gnome/pango/commit/71aaeaf020340412b8d012fe23a556c0420eda5f",
        "target": {
            "file": "pango/pango-emoji.c"
        },
        "deprecated": false,
        "id": "CVE-2018-15120-f82f83a2",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "209976057711671941575069096308863010864",
                "186327902410307932406473741261747817727",
                "243903047219189923930036787420386286732",
                "45389752208727248105783279002597061461"
            ]
        },
        "signature_type": "Line"
    }
]