CVE-2009-1194

Publication date 11 May 2009

Last updated 24 July 2024

Ubuntu priority

Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow, as demonstrated by a long document.location value in Firefox.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
pango1.0	9.04 jaunty	Not affected
	8.10 intrepid	Fixed 1.22.2-0ubuntu1.1
	8.04 LTS hardy	Fixed 1.20.5-0ubuntu1.1
	6.06 LTS dapper	Fixed 1.12.3-0ubuntu3.1

How can I get the fixes?
What do statuses mean?
Patch details

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
pango1.0	Upstream: ?id=4de

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-773-1
Pango vulnerability
7 May 2009

Other references

https://www.cve.org/CVERecord?id=CVE-2009-1194