CVE-2009-1194

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2009-1194
Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow, as demonstrated by a long document.location value in Firefox.

6.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://github.com/bratsche/pango/commit/4de30e5500eaeb49f4bf0b7a07f718e149a2ed5e
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00002.html
http://osvdb.org/54279
http://secunia.com/advisories/35018
http://secunia.com/advisories/35021
http://secunia.com/advisories/35027
http://secunia.com/advisories/35038
http://secunia.com/advisories/35685
http://secunia.com/advisories/35914
http://secunia.com/advisories/36005
http://secunia.com/advisories/36145
http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
http://www.debian.org/security/2009/dsa-1798
http://www.mozilla.org/security/announce/2009/mfsa2009-36.html
http://www.ocert.org/advisories/ocert-2009-001.html Patch
http://www.openwall.com/lists/oss-security/2009/05/07/1
http://www.redhat.com/support/errata/RHSA-2009-0476.html
http://www.securityfocus.com/archive/1/503349/100/0/threaded
http://www.securityfocus.com/bid/34870
http://www.securityfocus.com/bid/35758
http://www.securitytracker.com/id?1022196
http://www.ubuntu.com/usn/USN-773-1
http://www.vupen.com/english/advisories/2009/1269
http://www.vupen.com/english/advisories/2009/1972
https://bugzilla.mozilla.org/show_bug.cgi?id=480134
https://bugzilla.redhat.com/show_bug.cgi?id=496887 Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/50397
https://launchpad.net/bugs/cve/2009-1194
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10137
http://github.com/bratsche/pango/commit/4de30e5500eaeb49f4bf0b7a07f718e149a2ed5e
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00002.html
http://osvdb.org/54279
http://secunia.com/advisories/35018
http://secunia.com/advisories/35021
http://secunia.com/advisories/35027
http://secunia.com/advisories/35038
http://secunia.com/advisories/35685
http://secunia.com/advisories/35914
http://secunia.com/advisories/36005
http://secunia.com/advisories/36145
http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
http://www.debian.org/security/2009/dsa-1798
http://www.mozilla.org/security/announce/2009/mfsa2009-36.html
http://www.ocert.org/advisories/ocert-2009-001.html Patch
http://www.openwall.com/lists/oss-security/2009/05/07/1
http://www.redhat.com/support/errata/RHSA-2009-0476.html
http://www.securityfocus.com/archive/1/503349/100/0/threaded
http://www.securityfocus.com/bid/34870
http://www.securityfocus.com/bid/35758
http://www.securitytracker.com/id?1022196
http://www.ubuntu.com/usn/USN-773-1
http://www.vupen.com/english/advisories/2009/1269
http://www.vupen.com/english/advisories/2009/1972
https://bugzilla.mozilla.org/show_bug.cgi?id=480134
https://bugzilla.redhat.com/show_bug.cgi?id=496887 Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/50397
https://launchpad.net/bugs/cve/2009-1194
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10137
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:pango:pango:*:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.2:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.4:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.6:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.8:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.10:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.12:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.14:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.16:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.18:*:*:*:*:*:*:*
cpe:2.3:a:pango:pango:1.20:*:*:*:*:*:*:*
History

21 Nov 2024, 01:01

Type Values Removed Values Added
References () http://github.com/bratsche/pango/commit/4de30e5500eaeb49f4bf0b7a07f718e149a2ed5e - () http://github.com/bratsche/pango/commit/4de30e5500eaeb49f4bf0b7a07f718e149a2ed5e -
References () http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html - () http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html -
References () http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html - () http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html -
References () http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00002.html - () http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00002.html -
References () http://osvdb.org/54279 - () http://osvdb.org/54279 -
References () http://secunia.com/advisories/35018 - () http://secunia.com/advisories/35018 -
References () http://secunia.com/advisories/35021 - () http://secunia.com/advisories/35021 -
References () http://secunia.com/advisories/35027 - () http://secunia.com/advisories/35027 -
References () http://secunia.com/advisories/35038 - () http://secunia.com/advisories/35038 -
References () http://secunia.com/advisories/35685 - () http://secunia.com/advisories/35685 -
References () http://secunia.com/advisories/35914 - () http://secunia.com/advisories/35914 -
References () http://secunia.com/advisories/36005 - () http://secunia.com/advisories/36005 -
References () http://secunia.com/advisories/36145 - () http://secunia.com/advisories/36145 -
References () http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1 - () http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1 -
References () http://www.debian.org/security/2009/dsa-1798 - () http://www.debian.org/security/2009/dsa-1798 -
References () http://www.mozilla.org/security/announce/2009/mfsa2009-36.html - () http://www.mozilla.org/security/announce/2009/mfsa2009-36.html -
References () http://www.ocert.org/advisories/ocert-2009-001.html - Patch () http://www.ocert.org/advisories/ocert-2009-001.html - Patch
References () http://www.openwall.com/lists/oss-security/2009/05/07/1 - () http://www.openwall.com/lists/oss-security/2009/05/07/1 -
References () http://www.redhat.com/support/errata/RHSA-2009-0476.html - () http://www.redhat.com/support/errata/RHSA-2009-0476.html -
References () http://www.securityfocus.com/archive/1/503349/100/0/threaded - () http://www.securityfocus.com/archive/1/503349/100/0/threaded -
References () http://www.securityfocus.com/bid/34870 - () http://www.securityfocus.com/bid/34870 -
References () http://www.securityfocus.com/bid/35758 - () http://www.securityfocus.com/bid/35758 -
References () http://www.securitytracker.com/id?1022196 - () http://www.securitytracker.com/id?1022196 -
References () http://www.ubuntu.com/usn/USN-773-1 - () http://www.ubuntu.com/usn/USN-773-1 -
References () http://www.vupen.com/english/advisories/2009/1269 - () http://www.vupen.com/english/advisories/2009/1269 -
References () http://www.vupen.com/english/advisories/2009/1972 - () http://www.vupen.com/english/advisories/2009/1972 -
References () https://bugzilla.mozilla.org/show_bug.cgi?id=480134 - () https://bugzilla.mozilla.org/show_bug.cgi?id=480134 -
References () https://bugzilla.redhat.com/show_bug.cgi?id=496887 - Exploit () https://bugzilla.redhat.com/show_bug.cgi?id=496887 - Exploit
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/50397 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/50397 -
References () https://launchpad.net/bugs/cve/2009-1194 - () https://launchpad.net/bugs/cve/2009-1194 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10137 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10137 -
Information

Published : 2009-05-11 15:30

Updated : 2024-11-21 01:01

NVD link : CVE-2009-1194

Mitre link : CVE-2009-1194

CVE.ORG link : CVE-2009-1194

JSON object : View

Products Affected

pango

  • pango
CWE
CWE-189

Numeric Errors


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024