CVE-2009-1194
Published: 11 May 2009
Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow, as demonstrated by a long document.location value in Firefox.
Priority
Status
Package | Release | Status |
---|---|---|
pango1.0 | upstream | Released (1.24) |
pango1.0 | dapper | Released (1.12.3-0ubuntu3.1) |
pango1.0 | hardy | Released (1.20.5-0ubuntu1.1) |
pango1.0 | intrepid | Released (1.22.2-0ubuntu1.1) |
pango1.0 | jaunty | Not vulnerable (1.24.1-0ubuntu1) |

Patches: upstream: http://git.gnome.org/cgit/pango/commit/?id=4de30e5500eaeb49f4bf0b7a07f718e149a2ed5e