- Description
- Buffer overflow in the log2vis_utf8 function in pyfribidi.c in GNU FriBidi 0.19.1, 0.19.2, and possibly other versions, as used in PyFriBidi 0.10.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Arabic UTF-8 string that causes original 2-byte UTF-8 sequences to be transformed into 3-byte sequences.
- Source
- secalert@redhat.com
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
- nvd@nist.gov
- CWE-119
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fribidi:gnu_fribidi:0.19.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "53F357AD-8D7D-45DD-B304-2FDDD50814DD"
},
{
"criteria": "cpe:2.3:a:fribidi:gnu_fribidi:0.19.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1D044B51-D4F0-4683-BD75-F746663756C6"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kobi_zamir:pyfribidi:0.10.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5D76BA7C-231C-494C-A23F-F87BD68FA1F8"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]