Bug#610792: CVE-2011-0020: heap corruption in libpango

Adam D. Barratt adam at adam-barratt.org.uk
Sat Jan 22 23:07:59 UTC 2011


user release.debian.org at packages.debian.org
usertag 610792 + squeeze-can-defer
tag 610792 + squeeze-ignore
thanks

On Sat, January 22, 2011 14:32, Moritz Muehlenhoff wrote:
> Package: pango1.0
> Severity: grave
> Tags: security
>
> Discovered by Dan Rosenberg and posted to oss-security:
>
> "When used with FreeType2 as a backend, Pango is vulnerable to heap
> corruption when rendering malformed fonts. The vulnerability occurs in
> pango_ft2_font_render_box_glyph() in pango/pangoft2-render.c. A buffer
> is malloc'd with size box->bitmap.rows * box->bitmap.pitch.
> Subsequently, 0xff is written at offsets into this buffer without
> checking that these offsets fall within the buffer's boundaries,
> leading to heap corruption."

This can be fixed via a security update after the release if required;
tagging as not a blocker for 6.0.0.

Regards,

Adam
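The quoted report describes a buffer sized rows * pitch that is then written at computed offsets with no check that those offsets fall inside it. The following C example, added here and not taken from Pango or from this bug report, shows the bounds-checked form of that pattern on a constructed stand-in bitmap structure (the `box_bitmap` type, `put_pixel_checked()` and `render_box_outline()` are illustrative names, not Pango's API): every write goes through one checked accessor, the allocation refuses a rows * pitch product that would wrap, and the renderer reports how many writes it had to reject so a caller can tell that the font's metrics did not fit the bitmap.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for a glyph bitmap: `rows` lines of `pitch` bytes,
 * backed by a heap buffer of rows * pitch bytes. Not Pango's or FreeType's
 * real structures; the field names only mirror the report. */
typedef struct {
    int rows;
    int pitch;
    unsigned char *buffer;
    size_t size;          /* number of bytes actually allocated */
} box_bitmap;

/* Allocate the bitmap. Returns 0 on success, -1 if the dimensions are
 * non-positive, if rows * pitch would wrap size_t, or if calloc fails. */
static int box_bitmap_init(box_bitmap *bm, int rows, int pitch) {
    if (rows <= 0 || pitch <= 0) return -1;
    if ((size_t)rows > SIZE_MAX / (size_t)pitch) return -1;  /* product would overflow */
    bm->size = (size_t)rows * (size_t)pitch;
    bm->buffer = calloc(bm->size, 1);
    if (bm->buffer == NULL) return -1;
    bm->rows = rows;
    bm->pitch = pitch;
    return 0;
}

static void box_bitmap_free(box_bitmap *bm) {
    free(bm->buffer);
    bm->buffer = NULL;
    bm->size = 0;
}

/* Bounds-checked pixel write. Returns 1 if the byte was set, 0 if (x, y)
 * lies outside the bitmap. The unchecked equivalent, writing 0xff at
 * buffer[y * pitch + x] without testing x and y, is the defect the report
 * describes; with untrusted font metrics that index can land anywhere on the heap. */
static int put_pixel_checked(box_bitmap *bm, long x, long y) {
    if (x < 0 || y < 0 || x >= bm->pitch || y >= bm->rows) return 0;
    size_t off = (size_t)y * (size_t)bm->pitch + (size_t)x;
    if (off >= bm->size) return 0;   /* defence in depth: never trust the arithmetic alone */
    bm->buffer[off] = 0xff;
    return 1;
}

/* Draw a one-pixel box outline whose geometry comes from (untrusted) font
 * metrics. Returns the number of writes rejected as out of bounds; 0 means
 * the whole box fit inside the bitmap. */
static long render_box_outline(box_bitmap *bm, long left, long top, long width, long height) {
    long rejected = 0;
    for (long x = left; x < left + width; x++) {
        rejected += !put_pixel_checked(bm, x, top);               /* top edge */
        rejected += !put_pixel_checked(bm, x, top + height - 1);  /* bottom edge */
    }
    for (long y = top; y < top + height; y++) {
        rejected += !put_pixel_checked(bm, left, y);              /* left edge */
        rejected += !put_pixel_checked(bm, left + width - 1, y);  /* right edge */
    }
    return rejected;
}

/* Count the bytes set to 0xff, so a caller can confirm exactly which pixels were touched. */
static size_t count_set_pixels(const box_bitmap *bm) {
    size_t n = 0;
    for (size_t i = 0; i < bm->size; i++) n += (bm->buffer[i] == 0xff);
    return n;
}

int main(void) {
    box_bitmap bm;
    if (box_bitmap_init(&bm, 8, 8) != 0) return 1;
    /* Constructed metrics: a 6x6 box at (1,1) fits an 8x8 bitmap. */
    long fit = render_box_outline(&bm, 1, 1, 6, 6);
    /* Constructed malformed metrics: a 100x100 box at (4,4) runs far past the bitmap. */
    long oversized = render_box_outline(&bm, 4, 4, 100, 100);
    printf("rejected writes: fitting box=%ld, oversized box=%ld\n", fit, oversized);
    box_bitmap_free(&bm);
    return 0;
}
```

The point of returning a rejection count rather than silently clamping is that a renderer can log or reject a font whose metrics do not fit its own bitmap, which is exactly the malformed-input case the report is about, instead of hiding it.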
