CVE-2018-15120

CVE-2018-15120

Name

CVE-2018-15120

Description

libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Patch	https://mail.gnome.org/archives/distributor-list/2018-August/msg00001.html
Patch	https://github.com/GNOME/pango/commit/71aaeaf020340412b8d012fe23a556c0420eda5f
Release Notes	https://github.com/GNOME/pango/blob/1.42.4/NEWS
Third Party Advisory	https://usn.ubuntu.com/3750-1/
Exploit	https://www.exploit-db.com/exploits/45263/
Third Party Advisory	https://security.gentoo.org/glsa/201811-07
Exploit	http://52.117.224.77/xfce4-pdos.webm
Third Party Advisory	https://i.redd.it/v7p4n2ptu0s11.jpg
Exploit	https://www.exploit-db.com/exploits/45263
Exploit	https://www.ign.com/articles/2018/10/16/ps4s-are-reportedly-being-bricked-and-sony-is-working-on-a-fix
Third Party Advisory	https://www.reddit.com/r/PS4/comments/9o5efg/message_bricking_console_megathread/

Type

URI

Patch

https://mail.gnome.org/archives/distributor-list/2018-August/msg00001.html

Patch

https://github.com/GNOME/pango/commit/71aaeaf020340412b8d012fe23a556c0420eda5f

Release Notes

https://github.com/GNOME/pango/blob/1.42.4/NEWS

Third Party Advisory

https://usn.ubuntu.com/3750-1/

Exploit

https://www.exploit-db.com/exploits/45263/