Message-ID: <1110969345.43645.1295541408005.JavaMail.root@zmail01.collab.prod.int.phx2.redhat.com>
Date: Thu, 20 Jan 2011 11:36:48 -0500 (EST)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: heap corruption in libpango

Please use CVE-2011-0020 for this.

Thanks.

-- 
    JB

----- Original Message -----
> From Launchpad [1]:
> 
> "When used with FreeType2 as a backend, Pango is vulnerable to heap
> corruption when rendering malformed fonts. The vulnerability occurs in
> pango_ft2_font_render_box_glyph() in pango/pangoft2-render.c. A buffer
> is malloc'd with size box->bitmap.rows * box->bitmap.pitch.
> Subsequently, 0xff is written at offsets into this buffer without
> checking that these offsets fall within the buffer's boundaries,
> leading to heap corruption."
> 
> -Dan
> 
> [1] https://bugs.launchpad.net/ubuntu/+source/pango1.0/+bug/696616
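
The unchecked-write pattern from the quoted report, in hardened form. This is an added example, not Pango's code and not the fix that shipped. The `box_bitmap` struct and the `box_alloc`, `box_set` and `box_draw_outline` functions are hypothetical names, and rejecting a non-positive pitch is an assumption made to keep the size computation simple.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical stand-in for a glyph bitmap; not Pango's or FreeType's struct. */
typedef struct {
    unsigned rows, width;   /* dimensions in pixels (8 bits per pixel here) */
    int pitch;              /* bytes per row */
    unsigned char *buffer;  /* rows * pitch bytes */
} box_bitmap;

/* Allocate rows * pitch bytes, rejecting degenerate or overflowing sizes. */
int box_alloc(box_bitmap *b, unsigned rows, unsigned width, int pitch)
{
    b->buffer = NULL;
    if (rows == 0 || pitch <= 0 || width > (unsigned)pitch ||
        (size_t)rows > SIZE_MAX / (size_t)pitch)
        return -1;
    b->buffer = calloc(rows, (size_t)pitch);
    if (!b->buffer)
        return -1;
    b->rows = rows; b->width = width; b->pitch = pitch;
    return 0;
}

/* Write 0xff at (row, col) only when it lies inside the bitmap. */
int box_set(box_bitmap *b, long row, long col)
{
    if (row < 0 || col < 0 ||
        (unsigned long)row >= b->rows || (unsigned long)col >= b->width)
        return 0;
    b->buffer[(size_t)row * (size_t)b->pitch + (size_t)col] = 0xff;
    return 1;
}

/* Draw a box outline; returns how many out-of-range writes were refused. */
size_t box_draw_outline(box_bitmap *b, long pad, long line_width)
{
    size_t skipped = 0;
    long top = pad, left = pad;
    long bottom = (long)b->rows - pad - 1, right = (long)b->width - pad - 1;
    for (long t = 0; t < line_width; t++) {
        for (long x = left; x <= right; x++)
            skipped += !box_set(b, top + t, x) + !box_set(b, bottom - t, x);
        for (long y = top; y <= bottom; y++)
            skipped += !box_set(b, y, left + t) + !box_set(b, y, right - t);
    }
    return skipped;
}
```

A non-zero return from `box_draw_outline` means the geometry derived from the font did not fit the allocated bitmap, which is the condition the report says went unchecked.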
