Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2010-0421

Published: 18 March 2010

Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted font file, related to building a synthetic Glyph Definition (aka GDEF) table by using this font's charmap and the Unicode property database.

Notes

AuthorNote
mdeslaur 
debian patch is different, backport?

Priority

Low

Status

Package Release Status
pango1.0
Launchpad, Ubuntu, Debian 		dapper Ignored
(end of life)
hardy
Released (1.20.5-0ubuntu1.2)
intrepid Ignored
(end of life, was needed)
jaunty Ignored
(end of life)
karmic
Released (1.26.0-1ubuntu0.1)
lucid Not vulnerable
(1.28.0-0ubuntu2.1)
maverick Not vulnerable
(1.28.0-0ubuntu2)
upstream
Released (1.27.1)
Patches:
upstream: http://git.gnome.org/browse/pango/commit/?id=797d46714d27f147277fdd5346648d838c68fb8c
vendor: http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=10;filename=pango1.0_1.20.5-5%2Blenny1.debdiff;att=1;bug=574021

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading