CVE-2018-15120
MEDIUM
Pango 1.40.8-1.42.3 - Denial of Service via Invalid Unicode Sequences
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2018-15120. PoCs published by Jeffery M.
AI-analyzed exploit summary: This exploit triggers a denial of service (DoS) in Libpango 1.40.8+ by sending a malformed Unicode sequence via IRC, causing an assertion failure in the Emoji iter code. The PoC connects to an IRC server and sends a crafted message to exploit the vulnerability.
Description
libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences.
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H