Buffer Overflow Vulnerability in GNU FriBidi Affects Multiple Applications
CVE-2019-18397
Severity: 7.8 HIGH
What is CVE-2019-18397?
A buffer overflow exists in the fribidi_get_par_embedding_levels_ex() function of GNU FriBidi, affecting versions up to and including 1.0.7. An attacker can craft text input that, when processed by an application using FriBidi for text layout, may cause a denial of service or possibly arbitrary code execution. Applications such as GEdit and HexChat are notably exposed because they rely on Pango, which uses FriBidi for bidirectional text layout. Updating the FriBidi library on affected systems is the primary mitigation for users of these applications.
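Because the affected range is defined by a library version rather than by the applications that load it, the practical first step for a defender is an inventory check of the installed libfribidi. The following script is an added example, not code from the advisory or from the FriBidi project; it assumes a Linux host where pkg-config and the fribidi.pc file are present, and it compares version components numerically so that a release such as 1.0.10 is not mistaken for an affected one by string comparison.

```python
import re
import shutil
import subprocess
from typing import Optional, Tuple

# CVE-2019-18397 affects GNU FriBidi releases up to and including 1.0.7,
# as stated in the advisory above.
LAST_AFFECTED: Tuple[int, int, int] = (1, 0, 7)


def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse a dotted version such as '1.0.7', 'v1.0.10' or '1.0.7-2ubuntu1'
    into a three-component integer tuple.

    Only the leading numeric components are used, so distribution suffixes
    are ignored. Any fourth or later component is dropped, which is the
    conservative choice (e.g. '1.0.7.1' is still reported as affected).
    Comparing tuples avoids the classic mistake where '1.0.10' < '1.0.7'
    as strings.
    """
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    major, minor, patch = (parts + (0, 0, 0))[:3]
    return (major, minor, patch)


def is_affected(version: str) -> bool:
    """Return True if this FriBidi version falls in the affected range (<= 1.0.7)."""
    return parse_version(version) <= LAST_AFFECTED


def installed_fribidi_version() -> Optional[str]:
    """Ask pkg-config for the installed libfribidi version; None if unavailable.

    Assumption: pkg-config is on PATH and the fribidi development files
    (fribidi.pc) are installed. Hosts without them report None rather than
    a misleading "not affected".
    """
    if shutil.which("pkg-config") is None:
        return None
    try:
        out = subprocess.run(
            ["pkg-config", "--modversion", "fribidi"],
            capture_output=True, text=True, check=True,
        )
    except subprocess.CalledProcessError:
        return None
    return out.stdout.strip() or None


def check_host() -> str:
    """Produce a one-line verdict for the local host."""
    version = installed_fribidi_version()
    if version is None:
        return "fribidi: version not determinable via pkg-config (check manually)"
    if is_affected(version):
        return f"fribidi {version}: AFFECTED by CVE-2019-18397, update the library"
    return f"fribidi {version}: outside the affected range"


if __name__ == "__main__":
    print(check_host())
```

Run it as-is on each host, or feed version strings collected elsewhere (package manager output, container image scans) to is_affected() directly; the parser deliberately tolerates distribution suffixes so that raw package versions can be checked without pre-cleaning.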