Red Hat Bugzilla – Bug 565997
CVE-2010-3444 pyfribidi: buffer overflow when processing Arabic UTF-8 strings
Last modified: 2015-07-29 09:17:14 EDT
It was reported  that pyfribidi contains a buffer overflow in the log2vis_utf8() function due to the assumption that the string returned by fribidi_unicode_to_utf8() will be the same length as the original UTF-8 string. Due to changes in fribidi 0.19.1, for the Arabic language this is not the case as the joining added in fribidi causes some of the original 2-byte UTF-8 sequences to be come 3-bytes long.
The upstream report also includes a patch that is supposed to correct the issue by increasing the size of the buffer passed to fribidi_unicode_to_utf8().
Due to Fedora 11 and 12 containing fribidi 0.19.2, this would affect Fedora.
This has been assigned the name CVE-2010-3444.