PublicDateAtUSN: 2011-01-24
Candidate: CVE-2011-0020
PublicDate: 2011-01-24 18:00:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0020
 https://ubuntu.com/security/notices/USN-1082-1
Description:
 Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function
 in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when
 the FreeType2 backend is enabled, allows user-assisted remote attackers to
 cause a denial of service (application crash) or possibly execute arbitrary
 code via a crafted font file, related to the glyph box for an FT_Bitmap
 object.
Ubuntu-Description:
Notes:
Bugs:
 https://bugzilla.gnome.org/show_bug.cgi?id=639882
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610792
 https://bugs.launchpad.net/ubuntu/+source/pango1.0/+bug/696616
Priority: low
Discovered-by: Dan Rosenberg
Assigned-to:
CVSS: 

Patches_pango1.0:
 upstream: http://git.gnome.org/browse/pango/commit/?id=4e6248d76f55c6184f28afe614d7d76b6fa3d455
Tags_pango1.0: heap-protector
upstream_pango1.0: needs-triage
dapper_pango1.0: ignored (reached end-of-life)
hardy_pango1.0: released (1.20.5-0ubuntu1.2)
karmic_pango1.0: released (1.26.0-1ubuntu0.1)
lucid_pango1.0: released (1.28.0-0ubuntu2.2)
maverick_pango1.0: released (1.28.2-0ubuntu1.1)
devel_pango1.0: not-affected (1.28.3-4ubuntu1)