CVE-2010-0421

Published: 18/03/2010 Updated: 14/07/2021
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango prior to 1.27.1 allows context-dependent malicious users to cause a denial of service (application crash) via a crafted font file, related to building a synthetic Glyph Definition (aka GDEF) table by using this font's charmap and the Unicode property database.

Vulnerable Product

gnome pango

Vendor Advisories

Synopsis: Moderate: pango security update. Type/Severity: Security Advisory: Moderate. Topic: Updated pango and evolution28-pango packages that fix one security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Res ...
Debian Bug report logs - #574021 CVE-2010-0421: libpangoft2 segfaults on forged font files. Package: pango1.0; Maintainer for pango1.0 is Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Mon, 15 Mar 2010 18:52:12 UTC; Severity: grave; Tags: ...
Marc Schoenefeld discovered that Pango incorrectly handled certain Glyph Definition (GDEF) tables. If a user were tricked into displaying text with a specially-crafted font, an attacker could cause Pango to crash, resulting in a denial of service. This issue only affected Ubuntu 8.04 LTS and 9.10. (CVE-2010-0421) ...
Marc Schoenefeld discovered an improper input sanitization in Pango, a library for layout and rendering of text, leading to array indexing error. If a local user was tricked into loading a specially-crafted font file in an application, using the Pango font rendering library, it could lead to denial of service (application crash). For the stable dis ...