Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted font file, related to building a synthetic Glyph Definition (aka GDEF) table by using this font's charmap and the Unicode property database.
http://ftp.gnome.org/pub/GNOME/sources/pango/1.27/pango-1.27.1.tar.bz2
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
http://secunia.com/advisories/39041
http://securitytracker.com/id?1023711
http://www.debian.org/security/2010/dsa-2019
http://www.mandriva.com/security/advisories?name=MDVSA-2010:121
http://www.redhat.com/support/errata/RHSA-2010-0140.html
http://www.securityfocus.com/bid/38760
http://www.vupen.com/english/advisories/2010/0627
http://www.vupen.com/english/advisories/2010/0661
http://www.vupen.com/english/advisories/2010/1552
https://bugzilla.redhat.com/show_bug.cgi?id=555831
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9417
cpe:2.3:a:pango:pango:*:*:*:*:*:*:*:* versions up to 1.27 (inclusive)
ID | Name | Product | Family | Severity |
---|---|---|---|---|
68007 | Oracle Linux 3 / 4 / 5 : pango (ELSA-2010-0140) | Nessus | Oracle Linux Local Security Checks | medium |
60746 | Scientific Linux Security Update : pango on SL3.x, SL4.x, SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | medium |
52529 | Ubuntu 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : pango1.0 vulnerabilities (USN-1082-1) | Nessus | Ubuntu Local Security Checks | high |
49912 | SuSE 10 Security Update : pango (ZYPP Patch Number 6895) | Nessus | SuSE Local Security Checks | medium |
47115 | Mandriva Linux Security Advisory : pango (MDVSA-2010:121) | Nessus | Mandriva Local Security Checks | medium |
46668 | SuSE9 Security Update : pango (YOU Patch Number 12614) | Nessus | SuSE Local Security Checks | medium |
46263 | RHEL 3 / 4 / 5 : pango (RHSA-2010:0140) | Nessus | Red Hat Local Security Checks | medium |
45540 | SuSE 10 Security Update : pango (ZYPP Patch Number 6894) | Nessus | SuSE Local Security Checks | medium |
45113 | Debian DSA-2019-1 : pango1.0 - missing input sanitization | Nessus | Debian Local Security Checks | medium |
45066 | CentOS 3 / 4 / 5 : pango (CESA-2010:0140) | Nessus | CentOS Local Security Checks | medium |