CVE-2010-0421

Pango < 1.27.1 - Denial of Service via Crafted Font File

Title source: llm
STIX 2.1

Description

Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted font file, related to building a synthetic Glyph Definition (aka GDEF) table by using this font's charmap and the Unicode property database.

References (15)

Core 15
Core References
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2010:121
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1552
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=555831
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9417
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/39041
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2010/dsa-2019
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2010-0140.html
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0661
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/38760
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0627
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1023711

Scores

EPSS 0.0166
EPSS Percentile 82.3%

Details

CWE
CWE-119
Status published
Products (1)
gnome/pango < 1.27
Published Mar 18, 2010
Tracked Since Feb 18, 2026