FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2009-1194

This CVE name corresponds to:

Entered Topic
2009-05-13 pango -- integer overflow

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2009-1194
Phase Assigned (20090331)

Description

Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow, as demonstrated by a long document.location value in Firefox.

References

Source Reference
BUGTRAQ 20090507 [oCERT-2009-001] Pango integer overflow in heap allocation size calculations
MLIST [oss-security] 20090507 [oCERT-2009-001] Pango integer overflow in heap allocation size calculations
MISC http://www.ocert.org/advisories/ocert-2009-001.html
CONFIRM http://github.com/bratsche/pango/commit/4de30e5500eaeb49f4bf0b7a07f718e149a2ed5e
CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=480134
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=496887
CONFIRM https://launchpad.net/bugs/cve/2009-1194
CONFIRM http://www.mozilla.org/security/announce/2009/mfsa2009-36.html
DEBIAN DSA-1798
REDHAT RHSA-2009:0476
SUNALERT 264308
SUSE SUSE-SR:2009:012
SUSE SUSE-SA:2009:042
SUSE SUSE-SA:2009:039
UBUNTU USN-773-1
BID 34870
BID 35758
OSVDB 54279
OVAL oval:org.mitre.oval:def:10137
SECTRACK 1022196
SECUNIA 35018
SECUNIA 35021
SECUNIA 35027
SECUNIA 35038
SECUNIA 35685
SECUNIA 35914
SECUNIA 36145
SECUNIA 36005
VUPEN ADV-2009-1269
VUPEN ADV-2009-1972
XF pango-pangoglyphstringsetsize-bo(50397)