Pango GDEF Array Indexing Error in Font Library Lets Users Deny Service
SecurityTracker Alert ID: 1023711
SecurityTracker URL: http://securitytracker.com/id/1023711
CVE Reference: CVE-2010-0421
Date: Mar 16 2010
Impact:
Denial of service via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): prior to 1.27.1
Description:
A vulnerability was reported in Pango. A remote or local user can cause denial of service conditions.
A remote or local user can create a specially crafted font file that, when loaded by the target user via an application that uses the Pango font rendering library, will trigger an array indexing error in the generation of Glyph Definition tables (GDEF) and cause the target application to crash.
Marc Schoenefeld reported this vulnerability.
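The class of bug described above, as an added example that is not Pango's code and not part of the original advisory: a per-glyph class table is filled from character-map entries, and each glyph index is bounds-checked before it is used as an array subscript. All names (`cmap_entry`, `synthesize_classes`, `class_for`) and the sample data are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Constructed stand-in for a character-map entry; both fields come from
 * the font file and are untrusted. */
struct cmap_entry { uint32_t codepoint; uint32_t glyph; };
enum { CLASS_NONE = 0, CLASS_BASE = 1, CLASS_MARK = 3 };

/* Hypothetical stand-in for a Unicode property lookup: only the Combining
 * Diacritical Marks block (U+0300..U+036F) is classified as a mark. */
static uint8_t class_for(uint32_t cp) {
    return (cp >= 0x0300 && cp <= 0x036F) ? CLASS_MARK : CLASS_BASE;
}

/* Fill a per-glyph class array of num_glyphs entries from the cmap.
 * Each glyph index is validated against the array size before it is used as
 * a subscript; out-of-range entries are skipped and counted in *rejected.
 * Returns NULL if num_glyphs is 0 or allocation fails; caller frees. */
uint8_t *synthesize_classes(const struct cmap_entry *cmap, size_t n,
                            size_t num_glyphs, size_t *rejected) {
    *rejected = 0;
    if (num_glyphs == 0) return NULL;
    uint8_t *classes = calloc(num_glyphs, sizeof *classes);
    if (!classes) return NULL;
    for (size_t i = 0; i < n; i++) {
        if (cmap[i].glyph >= num_glyphs) { (*rejected)++; continue; }
        classes[cmap[i].glyph] = class_for(cmap[i].codepoint);
    }
    return classes;
}

/* Constructed sample: a 4-glyph font whose cmap has two bad indices
 * (70000, and 4, which is one past the last valid glyph). */
static const struct cmap_entry SAMPLE[] = {
    { 0x0041, 1 }, { 0x0301, 2 }, { 0x0042, 70000 }, { 0x0302, 4 },
};

/* Returns the number of SAMPLE entries rejected, or -1 on failure. */
int sample_rejected(void) {
    size_t rejected;
    uint8_t *c = synthesize_classes(SAMPLE, 4, 4, &rejected);
    if (!c) return -1;
    int ok = c[1] == CLASS_BASE && c[2] == CLASS_MARK && c[0] == CLASS_NONE;
    free(c);
    return ok ? (int)rejected : -1;
}

int main(void) { return sample_rejected() == 2 ? 0 : 1; }
```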
Impact:
A remote or local user can create a font file that, when loaded by the target application, will cause the target application to crash.
Solution:
The vendor has issued a fix (1.27.1).
Vendor URL: www.pango.org/
Cause:
Access control error
Underlying OS:
Linux (Any), UNIX (Any)
Source Message Contents
Date: Tue, 16 Mar 2010 01:27:45 +0000
Subject: Pango
Marc Schoenefeld found an improper input sanitization, leading to
an array indexing error, in the way the Pango font rendering library
synthesized the Glyph Definition Table (GDEF) from the font's character
map and the Unicode property database. If a local user was tricked
into loading a specially-crafted font file in an application
using the Pango font rendering library, it could lead to denial
of service (relevant application crash).
CVE-2010-0421 libpangoft2 segfaults on forged font files