Bug 555831 (CVE-2010-0421) - CVE-2010-0421 libpangoft2 segfaults on forged font files
Summary: CVE-2010-0421 libpangoft2 segfaults on forged font files
Alias: CVE-2010-0421
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 558933 558934 558936 559168 559169 566491 568150 573883 833948
TreeView+ depends on / blocked
Reported: 2010-01-15 17:08 UTC by Marc Schoenefeld
Modified: 2021-10-19 09:09 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2021-10-19 09:09:58 UTC

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2010:0140 0 normal SHIPPED_LIVE Moderate: pango security update 2010-03-15 23:14:42 UTC

Description Marc Schoenefeld 2010-01-15 17:08:04 UTC
Marc Schoenefeld found an improper input sanitization, leading to
array indexing error, in the way Pango font rendering library
synthesized Glyph Definition Table (GDEF) from the font's character
map and the Unicode property database. If a local user was tricked
into loading a specially-crafted font file in an application,
using the Pango font rendering library, it could lead to denial
of service (relevant application crash).

Comment 11 errata-xmlrpc 2010-03-15 23:14:58 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 3
  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 4

Via RHSA-2010:0140 https://rhn.redhat.com/errata/RHSA-2010-0140.html

Note You need to log in before you can comment on or make changes to this bug.