pango is vulnerable to arbitrary code execution. A heap-based buffer overflow in the function pango_log2vis_get_embedding_levels allows a remote attacker to execute arbitrary code by passing malicious UTF-8 strings to the pango_itemize function.
CPE | Name | Operator | Version |
---|---|---|---|
| pango | eq | 1.42.4__2.el7_6 |
| pango | eq | 1.42.4__1.el7 |
access.redhat.com/errata/RHBA-2019:2824
access.redhat.com/errata/RHSA-2019:2571
access.redhat.com/errata/RHSA-2019:2582
access.redhat.com/errata/RHSA-2019:2594
access.redhat.com/errata/RHSA-2019:3234
access.redhat.com/security/updates/classification/#important
gitlab.gnome.org/GNOME/pango/-/commits/main/pango/pango-bidi-type.c
gitlab.gnome.org/GNOME/pango/-/issues/342
gitlab.gnome.org/GNOME/pango/blob/master/pango/pango-bidi-type.c
lists.fedoraproject.org/archives/list/[email protected]/message/D6HWAHXJ2ZXINYMANHPFDDCJFWUQ57M4/
lists.fedoraproject.org/archives/list/[email protected]/message/VFFF4FY7SCAYT3EKTYPGRN6BVKZTH7Y7/
seclists.org/bugtraq/2019/Aug/14
security.gentoo.org/glsa/201909-03
usn.ubuntu.com/4081-1/
www.debian.org/security/2019/dsa-4496
www.oracle.com/security-alerts/cpuapr2020.html