Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2009-1194

Published: 11/05/2009 Updated: 13/02/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 606
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Pango

Vulnerability Summary

Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango prior to 1.24 allows context-dependent malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow, as demonstrated by a long document.location value in Firefox.

Vulnerable Product Search on Vulmon Subscribe to Product

pango pango 1.6

pango pango 1.14

pango pango 1.16

pango pango 1.8

pango pango 1.4

pango pango

pango pango 1.10

pango pango 1.2

pango pango 1.18

pango pango 1.12

pango pango 1.20

Vendor Advisories

Red Hat: Important: pango security update
Synopsis Important: pango security update Type/Severity Security Advisory: Important Topic Updated pango and evolution28-pango packages that fix an integer overflowflaw are now available for Red Hat Enterprise Linux 3, 4, and 5This update has been rated as having important security impact by the RedHat Sec ...
Debian CVElist Bug Report Logs: pango1.0: integer overflow in heap allocation size calculations
Debian Bug report logs - #527474 pango10: integer overflow in heap allocation size calculations Package: pango10; Maintainer for pango10 is Debian GNOME Maintainers <pkg-gnome-maintainers@listsaliothdebianorg>; Reported by: "Michael S Gilbert" <michaelsgilbert@gmailcom> Date: Thu, 7 May 2009 19:54:01 UTC S ...
Ubuntu Security Notice: pango1.0 vulnerability
Will Drewry discovered that Pango incorrectly handled rendering text with long glyphstrings If a user were tricked into displaying specially crafted data with applications linked against Pango, such as Firefox, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program ...
Mozilla: Heap/integer overflows in font glyph rendering libraries
Mozilla Foundation Security Advisory 2009-36 Heap/integer overflows in font glyph rendering libraries Announced July 21, 2009 Reporter Will Drewry Impact Critical Products Firefox Fixed in ...

Github Repositories

https://github.com/cinnqi/VulKG

Vulnerability knowledge graph construction

Fine-grained Named Entity Recognition and Knowledge Graph Construction Paper published at dlacmorg/doi/abs/101145/35402503558920 cve-ner: Fine-grained Named Entity Recognition Neo4j-D3-VKG :Vulnerability knowledge graph visualization 1 Introduction 11 Project Introduction This is my machine learning project, the system is defined as a platform for extracting knowl

https://github.com/cinnqi/Neo4j-D3-VKG

Visualization of vulnerability knowledge graph

Neo4j-D3-VKG Visualization of vulnerability knowledge graph 1 Introduction 11 Project Introduction This is my machine learning project, the system is defined as a platform for extracting knowledge from the vulnerability descriptions in the current mainstream vulnerability database CVE and visualizing the results of the extraction The visualization results are displayed in a

https://github.com/cinnqi/CVE_TEST

Vulnerability knowledge graph construction

Fine-grained Named Entity Recognition and Knowledge Graph Construction Paper published at dlacmorg/doi/abs/101145/35402503558920 cve-ner: Fine-grained Named Entity Recognition Neo4j-D3-VKG :Vulnerability knowledge graph visualization 1 Introduction 11 Project Introduction This is my machine learning project, the system is defined as a platform for extracting knowl

References

CWE-189http://www.ocert.org/advisories/ocert-2009-001.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=496887http://www.openwall.com/lists/oss-security/2009/05/07/1http://www.ubuntu.com/usn/USN-773-1https://launchpad.net/bugs/cve/2009-1194https://bugzilla.mozilla.org/show_bug.cgi?id=480134http://github.com/bratsche/pango/commit/4de30e5500eaeb49f4bf0b7a07f718e149a2ed5ehttp://www.debian.org/security/2009/dsa-1798http://www.redhat.com/support/errata/RHSA-2009-0476.htmlhttp://secunia.com/advisories/35021http://www.securityfocus.com/bid/34870http://secunia.com/advisories/35018http://secunia.com/advisories/35027http://www.securitytracker.com/id?1022196http://osvdb.org/54279http://www.vupen.com/english/advisories/2009/1269http://secunia.com/advisories/35038http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.htmlhttp://secunia.com/advisories/35685http://www.securityfocus.com/bid/35758http://www.mozilla.org/security/announce/2009/mfsa2009-36.htmlhttp://www.vupen.com/english/advisories/2009/1972http://secunia.com/advisories/35914http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00002.htmlhttp://secunia.com/advisories/36145http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1http://secunia.com/advisories/36005http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/50397https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10137http://www.securityfocus.com/archive/1/503349/100/0/threadedhttps://access.redhat.com/errata/RHSA-2009:0476https://usn.ubuntu.com/773-1/https://nvd.nist.gov
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120CVE-2024-35921CVE-2024-35874brute forceCVE-2024-36080unprivilegedCVE-2024-35917IDORCVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook