Bug#610792: CVE-2011-0020: heap corruption in libpango
Package: pango1.0 Severity: grave Tags: security Discovered by Dan Rosenberg an posted to oss-security: When used with FreeType2 as a backend, Pango is vulnerable to heap corruption when rendering malformed fonts. The vulnerability occurs in pango_ft2_font_render_box_glyph() in pango/pangoft2-render.c. A buffer is malloc'd with size box-bitmap.rows * box-bitmap.pitch. Subsequently, 0xff is written at offsets into this buffer without checking that these offsets fall within the buffer's boundaries, leading to heap corruption. -Dan [1] https://bugs.launchpad.net/ubuntu/+source/pango1.0/+bug/696616 -- System Information: Debian Release: 6.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#610792: CVE-2011-0020: heap corruption in libpango
user release.debian@packages.debian.org usertag 610792 + squeeze-can-defer tag 610792 + squeeze-ignore thanks On Sat, January 22, 2011 14:32, Moritz Muehlenhoff wrote: Package: pango1.0 Severity: grave Tags: security Discovered by Dan Rosenberg an posted to oss-security: When used with FreeType2 as a backend, Pango is vulnerable to heap corruption when rendering malformed fonts. The vulnerability occurs in pango_ft2_font_render_box_glyph() in pango/pangoft2-render.c. A buffer is malloc'd with size box-bitmap.rows * box-bitmap.pitch. Subsequently, 0xff is written at offsets into this buffer without checking that these offsets fall within the buffer's boundaries, leading to heap corruption. This can be fixed via a security update after the release if required; tagging as not a blocker for 6.0.0. Regards, Adam -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
