CVE-2011-0020

Pango < 1.28.3 - Heap-Based Buffer Overflow via Crafted Font File

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-0020. PoCs published by Dan Rosenberg.

AI-analyzed exploit summary The provided text describes a remote heap-corruption vulnerability in Pango (CVE-2011-0020) that could lead to arbitrary code execution or denial-of-service. However, no actual exploit code is included; only a reference to a binary exploit hosted on GitLab.

Description

Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Dan Rosenberg · textremotelinux

https://www.exploit-db.com/exploits/35232

View Code ZIP pw:eip

The provided text describes a remote heap-corruption vulnerability in Pango (CVE-2011-0020) that could lead to arbitrary code execution or denial-of-service. However, no actual exploit code is included; only a reference to a binary exploit hosted on GitLab.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: Pango (version not specified)

No auth needed

Prerequisites: Vulnerable version of Pango · Ability to deliver malicious input to the target application

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (15)

Core 15

Core References

Exploit x_refsource_confirm

https://bugzilla.redhat.com/show_bug.cgi?id=671122

Issue Tracking x_refsource_misc

https://bugzilla.gnome.org/show_bug.cgi?id=639882

Exploit x_refsource_confirm

https://bugs.launchpad.net/ubuntu/+source/pango1.0/+bug/696616

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1024994

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/64832

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html

Exploit mailing-list x_refsource_mlist

http://openwall.com/lists/oss-security/2011/01/18/6

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/70596

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/43100

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2011-0180.html

Exploit mailing-list x_refsource_mlist

http://openwall.com/lists/oss-security/2011/01/20/2

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2011/0186

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/42934

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/45842

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2011/0238

Scores

EPSS 0.1894

EPSS Percentile 96.9%

Details

CWE

CWE-119

Status published

Products (39)

gnome/pango 1.28.0

gnome/pango 1.28.1

gnome/pango 1.28.2

gnome/pango < 1.28.3

pango/pango 0.20

pango/pango 0.21

pango/pango 0.22

pango/pango 0.23

pango/pango 0.24

pango/pango 0.25

... and 29 more

Published Jan 24, 2011

Tracked Since Feb 18, 2026