4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
Marc Schoenefeld discovered an improper input sanitization in Pango, a library
for layout and rendering of text, leading to array indexing error.
If a local user was tricked into loading a specially-crafted font file in an
application, using the Pango font rendering library, it could lead to denial
of service (application crash).
For the stable distribution (lenny), this problem has been fixed in
version 1.20.5-5+lenny1.
For the testing distribution (squeeze), and the unstable distribution (sid),
this problem will be fixed soon.
We recommend that you upgrade your pango1.0 package.
CPE | Name | Operator | Version |
---|---|---|---|
pango1.0 | eq | 1.20.5-3 | |
pango1.0 | eq | 1.20.5-3+lenny1 | |
pango1.0 | eq | 1.20.5-5 | |
pango1.0 | eq | 1.20.5-4+lenny1 | |
pango1.0 | eq | 1.20.5-4 |