pango: arbitrary code execution
| Package(s): | pango |
CVE #(s): | CVE-2011-0064
|
| Created: | March 2, 2011 |
Updated: | April 1, 2011 |
| Description: |
From the Red Hat advisory:
It was discovered that Pango did not check for memory reallocation failures
in the hb_buffer_ensure() function. An attacker able to trigger a
reallocation failure by passing sufficiently large input to an application
using Pango could use this flaw to crash the application or, possibly,
execute arbitrary code with the privileges of the user running the
application. |
| Alerts: |
| Gentoo |
201405-13 |
pango |
2014-05-17 |
| SUSE |
SUSE-SR:2011:005 |
hplip, perl, subversion, t1lib, bind, tomcat5, tomcat6, avahi, gimp, aaa_base, build, libtiff, krb5, nbd, clamav, aaa_base, flash-player, pango, openssl, subversion, postgresql, logwatch, libxml2, quagga, fuse, util-linux |
2011-04-01 |
| openSUSE |
openSUSE-SU-2011:0221-1 |
pango |
2011-03-24 |
| Pardus |
2011-58 |
pango |
2011-03-21 |
| Fedora |
FEDORA-2011-3194 |
pango |
2011-03-12 |
| Mandriva |
MDVSA-2011:040 |
pango |
2011-03-03 |
| Debian |
DSA-2178-1 |
pango1.0 |
2011-03-02 |
| Ubuntu |
USN-1082-1 |
pango1.0 |
2011-03-02 |
| Red Hat |
RHSA-2011:0309-01 |
pango |
2011-03-01 |
|
