Marc Schoenefeld found an improper input sanitization, leading to array indexing error, in the way Pango font rendering library synthesized Glyph Definition Table (GDEF) from the font's character map and the Unicode property database. If a local user was tricked into loading a specially-crafted font file in an application, using the Pango font rendering library, it could lead to denial of service (relevant application crash).
This issue has been addressed in following products: Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 4 Via RHSA-2010:0140 https://rhn.redhat.com/errata/RHSA-2010-0140.html
Upstream commit: http://git.gnome.org/browse/pango/commit/?id=797d46714d27f147277fdd5346648d838c68fb8c