Array Index Error in Pango Affects Application Stability
CVE-2010-0421

Currently unrated

Key Information:

Vendor: Gnome
Status: Pango
Vendor: CVE Published:; 18 March 2010

Summary

In Pango versions prior to 1.27.1, an array index error occurs in the hb_ot_layout_build_glyph_classes function found in the hb-ot-layout.cc file. This vulnerability enables context-dependent attackers to exploit a crafted font file to trigger application crashes, resulting in a denial of service. The attack exploits how the synthetic Glyph Definition (GDEF) table is built using the font's character map in conjunction with the Unicode property database.

References

http://www.mandriva.com/security/advisories?name=MDVSA-20...

vendor-advisoryx_refsource_MANDRIVA

http://www.vupen.com/english/advisories/2010/1552

vdb-entryx_refsource_VUPEN

https://bugzilla.redhat.com/show_bug.cgi?id=555831

x_refsource_CONFIRM

Timeline

Vulnerability published
Mar 18, 2010
Vulnerability Reserved
Jan 27, 2010