LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

pango: denial of service

Package(s):pango CVE #(s):CVE-2010-0421
Created:March 16, 2010 Updated:March 2, 2011
Description: From the Red Hat advisory:

An input sanitization flaw, leading to an array index error, was found in the way the Pango font rendering library synthesized the Glyph Definition (GDEF) table from a font's character map and the Unicode property database. If an attacker created a specially-crafted font file and tricked a local, unsuspecting user into loading the font file in an application that uses the Pango font rendering library, it could cause that application to crash.

Alerts:
Ubuntu USN-1082-1 2011-03-02
Mandriva MDVSA-2010:121 2010-06-22
SuSE SUSE-SR:2010:012 2010-05-25
SuSE SUSE-SR:2010:013 2010-06-14
SuSE SUSE-SR:2010:009 2010-04-14
Pardus 2010-40 2010-03-29
Debian DSA-2019-1 2010-03-20
CentOS CESA-2010:0140 2010-03-16
Red Hat RHSA-2010:0140-01 2010-03-15
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds