Candidate: CVE-2009-1194
PublicDate: 2009-05-11 15:30:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1194
 https://ubuntu.com/security/notices/USN-773-1
Description:
 Integer overflow in the pango_glyph_string_set_size function in
 pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers
 to cause a denial of service (application crash) or possibly execute
 arbitrary code via a long glyph string that triggers a heap-based buffer
 overflow, as demonstrated by a long document.location value in Firefox.
Ubuntu-Description: 
Notes: 
Bugs: 
 https://bugzilla.mozilla.org/show_bug.cgi?id=480134
Priority: medium
Discovered-by: Will Drewry
Assigned-to: 
CVSS: 

Patches_pango1.0:
 upstream: http://git.gnome.org/cgit/pango/commit/?id=4de30e5500eaeb49f4bf0b7a07f718e149a2ed5e
upstream_pango1.0: released (1.24)
dapper_pango1.0: released (1.12.3-0ubuntu3.1)
hardy_pango1.0: released (1.20.5-0ubuntu1.1)
intrepid_pango1.0: released (1.22.2-0ubuntu1.1)
jaunty_pango1.0: not-affected (1.24.1-0ubuntu1)
devel_pango1.0: not-affected (1.24.1-0ubuntu1)