Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <AANLkTikeFtNiVKpTE7xwri_JpmYH7EmD94YCGsXh5s0E@mail.gmail.com>
Date: Tue, 18 Jan 2011 14:43:02 -0500
From: Dan Rosenberg <dan.j.rosenberg@...il.com>
To: oss-security@...ts.openwall.com
Subject: CVE request: heap corruption in libpango

>From Launchpad [1]:

"When used with FreeType2 as a backend, Pango is vulnerable to heap
corruption when rendering malformed fonts. The vulnerability occurs in
pango_ft2_font_render_box_glyph() in pango/pangoft2-render.c. A buffer
is malloc'd with size box->bitmap.rows * box->bitmap.pitch.
Subsequently, 0xff is written at offsets into this buffer without
checking that these offsets fall within the buffer's boundaries,
leading to heap corruption."

-Dan

[1] https://bugs.launchpad.net/ubuntu/+source/pango1.0/+bug/696616

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.