Описание
Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow, as demonstrated by a long document.location value in Firefox.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | released | 1.12.3-0ubuntu3.1 |
| devel | not-affected | 1.24.1-0ubuntu1 |
| hardy | released | 1.20.5-0ubuntu1.1 |
| intrepid | released | 1.22.2-0ubuntu1.1 |
| jaunty | not-affected | 1.24.1-0ubuntu1 |
| upstream | released | 1.24 |
Показывать по
6.8 Medium
CVSS2
Связанные уязвимости
Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow, as demonstrated by a long document.location value in Firefox.
Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow, as demonstrated by a long document.location value in Firefox.
Integer overflow in the pango_glyph_string_set_size function in pango/ ...
Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow, as demonstrated by a long document.location value in Firefox.
6.8 Medium
CVSS2