user/pango: CVE-2019-1010238: pango_log2vis_get_embedding_levels buffer overflow
Bugzilla ID | 133 |
Alias(es) | CVE-2019-1010238 |
Reporter | Max Rees (sroracle) |
Assignee | Max Rees (sroracle) |
Reported | 2019-07-31 06:54:16 -0500 |
Modified | 2019-09-28 13:34:23 -0500 |
Status | RESOLVED FIXED |
Version | 1.0-BETA3 |
Hardware | Adélie Linux / All |
Importance | --- / normal |
URL | https://nvd.nist.gov/vuln/detail/CVE-2019-1010238 |
Description
Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact
is: The heap-based buffer overflow can be used to get code execution.
The component is: function name: pango_log2vis_get_embedding_levels,
assignment of nchars and the loop condition. The attack vector is: Bug
can be used when an application passes invalid UTF-8 strings to functions
like pango_itemize.