Buffer overflow in Gnome Pango

CVE-2010-0421

Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted font file, relate…

Vulnerability class: Buffer Overflow

EPSS: 0.024 (82.3th percentile) — read the EPSS interpretation.

Affected products

Gnome Pango
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

secalert@redhat.com (x_refsource_CONFIRM, Patch)
secalert@redhat.com (vendor-advisory, x_refsource_SUSE)
secalert@redhat.com (vendor-advisory, x_refsource_SUSE)
secalert@redhat.com (vendor-advisory, x_refsource_SUSE)
secalert@redhat.com (x_refsource_SECUNIA, third-party-advisory)
secalert@redhat.com (vdb-entry, x_refsource_SECTRACK)
secalert@redhat.com (vendor-advisory, x_refsource_DEBIAN)
secalert@redhat.com (vendor-advisory, x_refsource_MANDRIVA)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (vdb-entry, x_refsource_BID)