CVE-2011-0020
Published: 24 January 2011
Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object.
Priority
Status
Package | Release | Status |
---|---|---|
pango1.0 Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
hardy |
Released
(1.20.5-0ubuntu1.2)
|
|
karmic |
Released
(1.26.0-1ubuntu0.1)
|
|
lucid |
Released
(1.28.0-0ubuntu2.2)
|
|
maverick |
Released
(1.28.2-0ubuntu1.1)
|
|
upstream |
Needs triage
|
|
Patches: upstream: http://git.gnome.org/browse/pango/commit/?id=4e6248d76f55c6184f28afe614d7d76b6fa3d455 |
||
This vulnerability is mitigated in part by the use of GNU C Library heap protector in Ubuntu. |