Severity by source
Assumed network-reachable via crafted input with no authentication; UI:R because text rendering typically requires user-triggered display action; high CIA impact for combined OOB read/write.
Lifecycle Timeline
1DescriptionCVE.org
[GHSA-pjjp-65r7-ppgm: Out-of-bounds read and write in wrap_lines_measure]
AnalysisAI
Out-of-bounds read and write conditions exist in the wrap_lines_measure function, as tracked under GHSA-pjjp-65r7-ppgm and reported by Ubuntu. Memory corruption of this class - simultaneous OOB read and write - typically enables attackers to leak sensitive memory contents and corrupt heap or stack state, potentially leading to arbitrary code execution or process crash depending on exploitability conditions. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation conditions cannot be precisely defined from the available data. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Real-world risk cannot be reliably assessed due to critical data gaps: no CVSS vector, no EPSS score, no KEV status, no POC availability indicator, and no explicit product name or version range were supplied. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker supplies specially crafted text input - such as an unusually long line, zero-length string, or pathologically encoded Unicode content - to an application that uses the affected `wrap_lines_measure` function for layout calculation. The function computes an incorrect buffer boundary, triggering an out-of-bounds read that leaks memory and an out-of-bounds write that corrupts adjacent memory, potentially redirecting execution flow. … |
| Remediation | No patch version, fix commit, or vendor advisory URL was provided in the available data. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today