Moritz Muehlenhoff
2011-Jan-22 14:32 UTC
[Secure-testing-team] Bug#610792: CVE-2011-0020: heap corruption in libpango
Package: pango1.0 Severity: grave Tags: security Discovered by Dan Rosenberg an posted to oss-security: "When used with FreeType2 as a backend, Pango is vulnerable to heap corruption when rendering malformed fonts. The vulnerability occurs in pango_ft2_font_render_box_glyph() in pango/pangoft2-render.c. A buffer is malloc''d with size box->bitmap.rows * box->bitmap.pitch. Subsequently, 0xff is written at offsets into this buffer without checking that these offsets fall within the buffer''s boundaries, leading to heap corruption." -Dan [1] https://bugs.launchpad.net/ubuntu/+source/pango1.0/+bug/696616 -- System Information: Debian Release: 6.0 APT prefers testing APT policy: (500, ''testing'') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash