Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango prior to 1.24 allows context-dependent malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow, as demonstrated by a long document.location value in Firefox.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
pango pango 1.6 |
||
pango pango 1.14 |
||
pango pango 1.16 |
||
pango pango 1.8 |
||
pango pango 1.4 |
||
pango pango |
||
pango pango 1.10 |
||
pango pango 1.2 |
||
pango pango 1.18 |
||
pango pango 1.12 |
||
pango pango 1.20 |