Buffer overflow in Gnome Pango

CVE-2011-0020

Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial o…

Vulnerability class: Buffer Overflow

EPSS: 0.189 (96.9th percentile) — read the EPSS interpretation.

Affected products

Gnome Pango — versions 1.28.0, 1.28.1, 1.28.2
Pango — versions 0.20, 0.21, 0.22
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

secalert@redhat.com (x_refsource_CONFIRM, Exploit)
secalert@redhat.com (x_refsource_MISC)
secalert@redhat.com (x_refsource_CONFIRM, Exploit)
secalert@redhat.com (vdb-entry, x_refsource_SECTRACK)
secalert@redhat.com (vdb-entry, x_refsource_XF)
secalert@redhat.com (vendor-advisory, x_refsource_SUSE)
secalert@redhat.com (mailing-list, x_refsource_MLIST, Exploit)
secalert@redhat.com (x_refsource_OSVDB, vdb-entry)
secalert@redhat.com (x_refsource_SECUNIA, third-party-advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)