DSA-4496-1 pango1.0 -- pango1.0
ID: oval:org.secpod.oval:def:604518 | Date: (C)2020-10-08 (M)2023-11-13 | Class: PATCH | Family: unix
Benno Fuenfstueck discovered that Pango, a library for layout and rendering of text with an emphasis on internationalization, is prone to a heap-based buffer overflow flaw in the pango_log2vis_get_embedding_levels function. An attacker can take advantage of this flaw for denial of service or potentially the execution of arbitrary code.
Product:
libpango-1.0-0
libpango1.0-dev
libpango1.0-doc
libpangoxft-1.0-0
gir1.2-pango-1.0
libpangocairo-1.0-0
libpango1.0-udeb
libpangoft2-1.0-0
pango1.0-tests
libpango1.0-0
pango1.0-tools