CVE-2009-1194

pango: pango_glyph_string_set_size integer overflow

Severity Score

6.8

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow, as demonstrated by a long document.location value in Firefox.

Un desbordamiento de entero en la función pango_glyph_string_set_size en pango/glyphstring.c en Pango antes de la versión v1.24 permite causar una denegación de servicio (mediante caída de la aplicación) a atacantes dependientes del contexto y posiblemente también ejecutar código arbitrario a través de una cadena glifo demasiado larga que desencadena un desbordamiento de búfer basado en montículo, como se ha demostrado por un valor document.location demasiado largo en Firefox.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

Attack Vector

Network

Attack Complexity

High

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2009-03-31 CVE Reserved
2009-05-08 CVE Published
2024-01-30 EPSS Updated
2024-08-07 CVE Updated
2024-08-07 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-189: Numeric Errors
CWE-190: Integer Overflow or Wraparound

CAPEC

References (32)

URL	Tag	Source
http://github.com/bratsche/pango/commit/4de30e5500eaeb49f4bf0b7a07f718e149a2ed5e	X_refsource_confirm
http://osvdb.org/54279	Vdb Entry
http://secunia.com/advisories/35018	Third Party Advisory
http://secunia.com/advisories/35021	Third Party Advisory
http://secunia.com/advisories/35027	Third Party Advisory
http://secunia.com/advisories/35038	Third Party Advisory
http://secunia.com/advisories/35685	Third Party Advisory
http://secunia.com/advisories/35914	Third Party Advisory
http://secunia.com/advisories/36005	Third Party Advisory
http://secunia.com/advisories/36145	Third Party Advisory
http://www.mozilla.org/security/announce/2009/mfsa2009-36.html	X_refsource_confirm
http://www.openwall.com/lists/oss-security/2009/05/07/1	Mailing List
http://www.securityfocus.com/archive/1/503349/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/34870	Vdb Entry
http://www.securityfocus.com/bid/35758	Vdb Entry
http://www.securitytracker.com/id?1022196	Vdb Entry
http://www.vupen.com/english/advisories/2009/1269	Vdb Entry
http://www.vupen.com/english/advisories/2009/1972	Vdb Entry
https://bugzilla.mozilla.org/show_bug.cgi?id=480134	X_refsource_confirm
https://exchange.xforce.ibmcloud.com/vulnerabilities/50397	Vdb Entry
https://launchpad.net/bugs/cve/2009-1194	X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10137	Signature

URL	Date	SRC
https://bugzilla.redhat.com/show_bug.cgi?id=496887	2024-08-07

URL	Date	SRC
http://www.ocert.org/advisories/ocert-2009-001.html	2023-02-13

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html	2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html	2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00002.html	2023-02-13
http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1	2023-02-13
http://www.debian.org/security/2009/dsa-1798	2023-02-13
http://www.redhat.com/support/errata/RHSA-2009-0476.html	2023-02-13
http://www.ubuntu.com/usn/USN-773-1	2023-02-13
https://access.redhat.com/security/cve/CVE-2009-1194	2009-05-08

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Pango Search vendor "Pango"		Pango Search vendor "Pango" for product "Pango"				<= 1.22 Search vendor "Pango" for product "Pango" and version " <= 1.22"		-		Affected
Pango Search vendor "Pango"		Pango Search vendor "Pango" for product "Pango"				1.2 Search vendor "Pango" for product "Pango" and version "1.2"		-		Affected
Pango Search vendor "Pango"		Pango Search vendor "Pango" for product "Pango"				1.4 Search vendor "Pango" for product "Pango" and version "1.4"		-		Affected
Pango Search vendor "Pango"		Pango Search vendor "Pango" for product "Pango"				1.6 Search vendor "Pango" for product "Pango" and version "1.6"		-		Affected
Pango Search vendor "Pango"		Pango Search vendor "Pango" for product "Pango"				1.8 Search vendor "Pango" for product "Pango" and version "1.8"		-		Affected
Pango Search vendor "Pango"		Pango Search vendor "Pango" for product "Pango"				1.10 Search vendor "Pango" for product "Pango" and version "1.10"		-		Affected
Pango Search vendor "Pango"		Pango Search vendor "Pango" for product "Pango"				1.12 Search vendor "Pango" for product "Pango" and version "1.12"		-		Affected
Pango Search vendor "Pango"		Pango Search vendor "Pango" for product "Pango"				1.14 Search vendor "Pango" for product "Pango" and version "1.14"		-		Affected
Pango Search vendor "Pango"		Pango Search vendor "Pango" for product "Pango"				1.16 Search vendor "Pango" for product "Pango" and version "1.16"		-		Affected
Pango Search vendor "Pango"		Pango Search vendor "Pango" for product "Pango"				1.18 Search vendor "Pango" for product "Pango" and version "1.18"		-		Affected
Pango Search vendor "Pango"		Pango Search vendor "Pango" for product "Pango"				1.20 Search vendor "Pango" for product "Pango" and version "1.20"		-		Affected