Summary
This host has Pango installed and is prone to an integer buffer overflow vulnerability.
Impact
Successful exploitation allows an attacker to execute arbitrary code via a long glyph string, and can cause a denial of service.
Impact Level: Application
Solution
Upgrade to Pango version 1.24.0 or later:
http://ftp.acc.umu.se/pub/GNOME/sources/pango/
Insight
The flaw is an error in the pango_glyph_string_set_size function in pango/glyphstring.c, which fails to perform adequate boundary checks on user-supplied data before using that data to allocate memory buffers.
Affected
Pango versions prior to 1.24.0
References
Severity
Classification
CVE: CVE-2009-1194
CVSS Base Score: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Simple Web Server Connection Header Buffer Overflow Vulnerability
- Sync Breeze Server Remote Stack Buffer Overflow Vulnerability
- Blue Coat K9 Web Protection Multiple Buffer Overflow Vulnerabilities
- VLC Media Player 'MP4_ReadBox_skcr()' Buffer Overflow Vulnerability (Linux)
- SlySoft Product(s) Code Execution Vulnerability