Summary
This host has Pango installed and is prone to an integer buffer overflow vulnerability.
Impact
Successful exploitation will allow an attacker to execute arbitrary code via a long glyph string, and can cause a denial of service.
Impact Level: Application
Solution
Upgrade to Pango version 1.24.0 or later.
http://ftp.acc.umu.se/pub/GNOME/sources/pango/
Insight
The flaw is an error in the pango_glyph_string_set_size function in pango/glyphstring.c, which fails to perform adequate boundary checks on user-supplied data before using that data to allocate memory buffers.
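The kind of boundary check the Insight describes as missing, as an added example that is not Pango's code and not part of the original advisory. The glyph_rec and glyph_buf types, the function names and the 32-bit size arithmetic are assumptions chosen so the wraparound is reproducible.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical 16-byte per-glyph record (assumption, not Pango's struct). */
typedef struct { uint32_t glyph; int32_t width, x_off, y_off; } glyph_rec;
typedef struct { uint32_t len, space; glyph_rec *recs; } glyph_buf;

/* Size computed without a bounds check: in 32-bit arithmetic the product
 * wraps modulo 2^32, so a huge count can yield a tiny allocation size. */
uint32_t bytes_unchecked(uint32_t count) {
    return count * (uint32_t)sizeof(glyph_rec);
}

/* Checked form: 0 and the size in *out, or -1 if the product cannot fit. */
int bytes_checked(uint32_t count, uint32_t *out) {
    if (count > UINT32_MAX / sizeof(glyph_rec))
        return -1;
    *out = count * (uint32_t)sizeof(glyph_rec);
    return 0;
}

/* Resize the buffer; on any failure the buffer is left unchanged. */
int glyph_buf_set_size(glyph_buf *b, uint32_t new_len) {
    if (new_len > b->space) {
        uint32_t bytes;
        if (bytes_checked(new_len, &bytes) != 0)
            return -1;                 /* reject before allocating */
        glyph_rec *p = realloc(b->recs, bytes);
        if (p == NULL)
            return -1;
        b->recs = p;
        b->space = new_len;
    }
    b->len = new_len;
    return 0;
}

int main(void) {
    glyph_buf b = {0, 0, NULL};
    uint32_t huge = 0x10000001u;       /* constructed oversized length */
    printf("unchecked size for %u records: %u bytes\n",
           (unsigned)huge, (unsigned)bytes_unchecked(huge));
    printf("set_size(8)    -> %d\n", glyph_buf_set_size(&b, 8));
    printf("set_size(huge) -> %d\n", glyph_buf_set_size(&b, huge));
    free(b.recs);
    return 0;
}
```

The checked path rejects the oversized length before any allocation happens, so the recorded capacity never exceeds the memory actually reserved.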
Affected
Pango versions prior to 1.24.0
References
Severity
Classification
CVE: CVE-2009-1194
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P