CVE-2009-1194

pango: pango_glyph_string_set_size integer overflow

Severity Score

9.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow, as demonstrated by a long document.location value in Firefox.

Un desbordamiento de entero en la función pango_glyph_string_set_size en pango/glyphstring.c en Pango antes de la versión v1.24 permite causar una denegación de servicio (mediante caída de la aplicación) a atacantes dependientes del contexto y posiblemente también ejecutar código arbitrario a través de una cadena glifo demasiado larga que desencadena un desbordamiento de búfer basado en montículo, como se ha demostrado por un valor document.location demasiado largo en Firefox.

Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow. This update corrects the issue. pango for CS4 broke applications like MandrivaUpdate, mcc and so on. This update corrects this problem.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

Attack Vector

Network

Attack Complexity

High

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2009-03-31 CVE Reserved
2009-05-08 CVE Published
2024-08-07 CVE Updated
2024-08-07 First Exploit
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-189: Numeric Errors
CWE-190: Integer Overflow or Wraparound

CAPEC

References (32)

URL	Tag	Source
http://github.com/bratsche/pango/commit/4de30e5500eaeb49f4bf0b7a07f718e149a2ed5e	X_refsource_confirm
http://osvdb.org/54279	Vdb Entry
http://secunia.com/advisories/35018	Third Party Advisory
http://secunia.com/advisories/35021	Third Party Advisory
http://secunia.com/advisories/35027	Third Party Advisory
http://secunia.com/advisories/35038	Third Party Advisory
http://secunia.com/advisories/35685	Third Party Advisory
http://secunia.com/advisories/35914	Third Party Advisory
http://secunia.com/advisories/36005	Third Party Advisory
http://secunia.com/advisories/36145	Third Party Advisory
http://www.mozilla.org/security/announce/2009/mfsa2009-36.html	X_refsource_confirm
http://www.openwall.com/lists/oss-security/2009/05/07/1	Mailing List
http://www.securityfocus.com/archive/1/503349/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/34870	Vdb Entry
http://www.securityfocus.com/bid/35758	Vdb Entry
http://www.securitytracker.com/id?1022196	Vdb Entry
http://www.vupen.com/english/advisories/2009/1269	Vdb Entry
http://www.vupen.com/english/advisories/2009/1972	Vdb Entry
https://bugzilla.mozilla.org/show_bug.cgi?id=480134	X_refsource_confirm
https://exchange.xforce.ibmcloud.com/vulnerabilities/50397	Vdb Entry
https://launchpad.net/bugs/cve/2009-1194	X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10137	Signature

URL	Date	SRC
https://bugzilla.redhat.com/show_bug.cgi?id=496887	2024-08-07

URL	Date	SRC
http://www.ocert.org/advisories/ocert-2009-001.html	2023-02-13

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html	2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html	2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00002.html	2023-02-13
http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1	2023-02-13
http://www.debian.org/security/2009/dsa-1798	2023-02-13
http://www.redhat.com/support/errata/RHSA-2009-0476.html	2023-02-13
http://www.ubuntu.com/usn/USN-773-1	2023-02-13
https://access.redhat.com/security/cve/CVE-2009-1194	2009-05-08

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Pango Search vendor "Pango"		Pango Search vendor "Pango" for product "Pango"				<= 1.22 Search vendor "Pango" for product "Pango" and version " <= 1.22"		-		Affected
Pango Search vendor "Pango"		Pango Search vendor "Pango" for product "Pango"				1.2 Search vendor "Pango" for product "Pango" and version "1.2"		-		Affected
Pango Search vendor "Pango"		Pango Search vendor "Pango" for product "Pango"				1.4 Search vendor "Pango" for product "Pango" and version "1.4"		-		Affected
Pango Search vendor "Pango"		Pango Search vendor "Pango" for product "Pango"				1.6 Search vendor "Pango" for product "Pango" and version "1.6"		-		Affected
Pango Search vendor "Pango"		Pango Search vendor "Pango" for product "Pango"				1.8 Search vendor "Pango" for product "Pango" and version "1.8"		-		Affected
Pango Search vendor "Pango"		Pango Search vendor "Pango" for product "Pango"				1.10 Search vendor "Pango" for product "Pango" and version "1.10"		-		Affected
Pango Search vendor "Pango"		Pango Search vendor "Pango" for product "Pango"				1.12 Search vendor "Pango" for product "Pango" and version "1.12"		-		Affected
Pango Search vendor "Pango"		Pango Search vendor "Pango" for product "Pango"				1.14 Search vendor "Pango" for product "Pango" and version "1.14"		-		Affected
Pango Search vendor "Pango"		Pango Search vendor "Pango" for product "Pango"				1.16 Search vendor "Pango" for product "Pango" and version "1.16"		-		Affected
Pango Search vendor "Pango"		Pango Search vendor "Pango" for product "Pango"				1.18 Search vendor "Pango" for product "Pango" and version "1.18"		-		Affected
Pango Search vendor "Pango"		Pango Search vendor "Pango" for product "Pango"				1.20 Search vendor "Pango" for product "Pango" and version "1.20"		-		Affected