{"id":"CVE-2018-15120","details":"libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences.","modified":"2026-04-11T12:27:39.273801Z","published":"2018-08-24T19:29:01.657Z","related":["SUSE-SU-2018:2763-1","openSUSE-SU-2024:10843-1","openSUSE-SU-2024:11148-1"],"references":[{"type":"ADVISORY","url":"https://usn.ubuntu.com/3750-1/"},{"type":"ADVISORY","url":"https://github.com/GNOME/pango/blob/1.42.4/NEWS"},{"type":"ADVISORY","url":"https://i.redd.it/v7p4n2ptu0s11.jpg"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201811-07"},{"type":"ADVISORY","url":"https://www.reddit.com/r/PS4/comments/9o5efg/message_bricking_console_megathread/"},{"type":"FIX","url":"https://github.com/GNOME/pango/commit/71aaeaf020340412b8d012fe23a556c0420eda5f"},{"type":"FIX","url":"https://www.exploit-db.com/exploits/45263"},{"type":"FIX","url":"https://www.exploit-db.com/exploits/45263/"},{"type":"FIX","url":"https://mail.gnome.org/archives/distributor-list/2018-August/msg00001.html"},{"type":"EVIDENCE","url":"https://www.ign.com/articles/2018/10/16/ps4s-are-reportedly-being-bricked-and-sony-is-working-on-a-fix"},{"type":"EVIDENCE","url":"http://52.117.224.77/xfce4-pdos.webm"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gnome/pango","events":[{"introduced":"0940ddc24f7301f09d945ec44360699ce30859c6"},{"last_affected":"67471cbfe24cd4418e9e97837ac85207f0d974de"},{"fixed":"71aaeaf020340412b8d012fe23a556c0420eda5f"}],"database_specific":{"versions":[{"introduced":"1.40.8"},{"last_affected":"1.42.3"}]}}],"versions":["1.40.10","1.40.11","1.40.12","1.40.13","1.40.14","1.40.8","1.40.9","1.41.0","1.41.1","1.42.0","1.42.1","1.42.2","1.42.3"],"database_specific":{"vanir_signatures_modified":"2026-04-11T12:27:39Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"18.04"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-15120.json","vanir_signatures":[{"signature_version":"v1","source":"https://github.com/gnome/pango/commit/71aaeaf020340412b8d012fe23a556c0420eda5f","digest":{"length":1743,"function_hash":"280634229485122664716075277308058368326"},"signature_type":"Function","target":{"function":"_pango_emoji_iter_next","file":"pango/pango-emoji.c"},"deprecated":false,"id":"CVE-2018-15120-94a7ee29"},{"signature_version":"v1","source":"https://github.com/gnome/pango/commit/71aaeaf020340412b8d012fe23a556c0420eda5f","digest":{"threshold":0.9,"line_hashes":["209976057711671941575069096308863010864","186327902410307932406473741261747817727","243903047219189923930036787420386286732","45389752208727248105783279002597061461"]},"signature_type":"Line","target":{"file":"pango/pango-emoji.c"},"deprecated":false,"id":"CVE-2018-15120-f82f83a2"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}