CVE-2011-0020

Priority
Description
Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function
in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when
the FreeType2 backend is enabled, allows user-assisted remote attackers to
cause a denial of service (application crash) or possibly execute arbitrary
code via a crafted font file, related to the glyph box for an FT_Bitmap
object.
Notes
Package
Upstream: needs-triage
Patches:
Upstream: http://git.gnome.org/browse/pango/commit/?id=4e6248d76f55c6184f28afe614d7d76b6fa3d455
This vulnerability is mitigated in part by the use of the GNU C Library heap protector in Ubuntu. For more details, see https://wiki.ubuntu.com/Security/Features#heap-protector

Updated: 2019-12-05 20:56:15 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)