CVE-2019-1010238 (retired)

Priority
Description
GNOME Pango 1.42 and later is affected by a buffer overflow. Impact: the
heap-based buffer overflow can be used to get code execution. Affected
component: the function pango_log2vis_get_embedding_levels, in the
assignment of nchars and the loop condition. Attack vector: the bug can be
used when an application passes invalid UTF-8 strings to functions like
pango_itemize.
Assigned-to
leosilva
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): not-affected
Ubuntu 18.04 LTS (Bionic Beaver): not-affected
Ubuntu 19.04 (Disco Dingo): released (1.42.4-6ubuntu0.1)
Ubuntu 19.10 (Eoan): released (1.42.4-6ubuntu1)
Patches:
Upstream: https://gitlab.gnome.org/GNOME/pango/commit/490f8979a260c16b1df055eab386345da18a2d54
More Information

Updated: 2019-08-14 14:15:25 UTC (commit b248f28b2baec34efa2d1f7c325411e21dec9937)