Pango Integer Buffer Overflow Vulnerability Network Vulnerability

Summary

This host has installed with Pango and is prone to Integer Buffer Overflow vulnerability

Impact

Successful exploitation will allow attacker to execute arbitrary code via a long glyph string, and can cause denial of service. Impact Level: Application

Solution

Upgrade to pango version 1.24.0 or later http://ftp.acc.umu.se/pub/GNOME/sources/pango/

Insight

Error in pango_glyph_string_set_size function in pango/glyphstring.c file, which fails to perform adequate boundary checks on user-supplied data before using the data to allocate memory buffers.

Affected

Pango version prior to 1.24.0

References

http://secunia.com/advisories/35018
http://www.debian.org/security/2009/dsa-1798
http://www.openwall.com/lists/oss-security/2009/05/07/1

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-1194
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

VLC Media Player 'MP4_ReadBox_skcr()' Buffer Overflow Vulnerability (Windows)
SquidGuard Multiple Buffer Overflow Vulnerabilities
RealPlayer Watch Folders Function Buffer Overflow Vulnerability (Windows)
VLC Media Player Stack Overflow Vulnerability (Win-Mar09)
XnView Multiple Image Decompression Heap Overflow Vulnerabilities (Windows)

Take action and discover your vulnerabilities