CVE-2011-0020

Publication date 24 January 2011

Last updated 24 July 2024

Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
pango1.0	10.10 maverick	Fixed 1.28.2-0ubuntu1.1
	10.04 LTS lucid	Fixed 1.28.0-0ubuntu2.2
	9.10 karmic	Fixed 1.26.0-1ubuntu0.1
	8.04 LTS hardy	Fixed 1.20.5-0ubuntu1.2
	6.06 LTS dapper	Ignored end of life

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
pango1.0	Upstream: ?id=4e6

References

Related Ubuntu Security Notices (USN)

USN-1082-1
Pango vulnerabilities
2 March 2011

Other references

https://www.cve.org/CVERecord?id=CVE-2011-0020