Debian DSA-2019-1 : pango1.0 - missing input sanitization
Medium Nessus Plugin ID 45113
Synopsis
The remote Debian host is missing a security-related update.

Description
Marc Schoenefeld discovered improper input sanitization in Pango, a library for layout and rendering of text, leading to an array indexing error. If a local user were tricked into loading a specially crafted font file in an application that uses the Pango font rendering library, it could lead to denial of service (application crash).

Solution
Upgrade the pango1.0 package.
For the stable distribution (lenny), this problem has been fixed in version 1.20.5-5+lenny1.