CVE-2009-1194

NONECVSS 0.0

0.0

Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow, as demonstrated by a long document.location value in Firefox.

🔗 References (62)

secalert@redhathttp://github.com/bratsche/pango/commit/4de30e5500eaeb49f4bf0b7a07f718e149a2ed5e
secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html
secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2009-08/msg00002.html
secalert@redhathttp://osvdb.org/54279
secalert@redhathttp://secunia.com/advisories/35018
secalert@redhathttp://secunia.com/advisories/35021
secalert@redhathttp://secunia.com/advisories/35027
secalert@redhathttp://secunia.com/advisories/35038
secalert@redhathttp://secunia.com/advisories/35685
secalert@redhathttp://secunia.com/advisories/35914
secalert@redhathttp://secunia.com/advisories/36005
secalert@redhathttp://secunia.com/advisories/36145
secalert@redhathttp://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
secalert@redhathttp://www.debian.org/security/2009/dsa-1798

Is Your Infrastructure Affected by CVE-2009-1194?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2009-1194

📅 Published

🔄 Last Modified

🔗 References (62)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2009-1194?