Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and previous versions, when the FreeType2 backend is enabled, allows user-assisted remote malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
pango pango 1.7 |
||
pango pango 1.5 |
||
pango pango 1.6 |
||
pango pango 1.17 |
||
pango pango 0.23 |
||
pango pango 1.9 |
||
pango pango 1.11 |
||
pango pango 0.22 |
||
pango pango 1.14 |
||
pango pango 1.21 |
||
pango pango 1.27 |
||
pango pango 1.1 |
||
pango pango 1.26 |
||
pango pango 1.16 |
||
pango pango 0.24 |
||
pango pango 1.8 |
||
pango pango 0.25 |
||
pango pango 1.4 |
||
pango pango 1.24 |
||
pango pango 1.19 |
||
pango pango 1.0 |
||
pango pango 1.15 |
||
pango pango 1.25 |
||
pango pango 1.10 |
||
pango pango 1.2 |
||
pango pango 1.3 |
||
pango pango 1.22 |
||
pango pango 1.18 |
||
pango pango 0.21 |
||
pango pango 0.26 |
||
pango pango 0.20 |
||
pango pango 1.12 |
||
pango pango 1.13 |
||
pango pango 1.23 |
||
pango pango 1.20 |
||
gnome pango |
||
gnome pango 1.28.2 |
||
gnome pango 1.28.0 |
||
gnome pango 1.28.1 |