fkie_cve-2009-1194
Vulnerability from fkie_nvd
Published
2009-05-11 15:30
Modified
2025-04-09 00:30
Severity ?
Summary
Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow, as demonstrated by a long document.location value in Firefox.
References
secalert@redhat.comhttp://github.com/bratsche/pango/commit/4de30e5500eaeb49f4bf0b7a07f718e149a2ed5e
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2009-08/msg00002.html
secalert@redhat.comhttp://osvdb.org/54279
secalert@redhat.comhttp://secunia.com/advisories/35018
secalert@redhat.comhttp://secunia.com/advisories/35021
secalert@redhat.comhttp://secunia.com/advisories/35027
secalert@redhat.comhttp://secunia.com/advisories/35038
secalert@redhat.comhttp://secunia.com/advisories/35685
secalert@redhat.comhttp://secunia.com/advisories/35914
secalert@redhat.comhttp://secunia.com/advisories/36005
secalert@redhat.comhttp://secunia.com/advisories/36145
secalert@redhat.comhttp://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
secalert@redhat.comhttp://www.debian.org/security/2009/dsa-1798
secalert@redhat.comhttp://www.mozilla.org/security/announce/2009/mfsa2009-36.html
secalert@redhat.comhttp://www.ocert.org/advisories/ocert-2009-001.htmlPatch
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2009/05/07/1
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2009-0476.html
secalert@redhat.comhttp://www.securityfocus.com/archive/1/503349/100/0/threaded
secalert@redhat.comhttp://www.securityfocus.com/bid/34870
secalert@redhat.comhttp://www.securityfocus.com/bid/35758
secalert@redhat.comhttp://www.securitytracker.com/id?1022196
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-773-1
secalert@redhat.comhttp://www.vupen.com/english/advisories/2009/1269
secalert@redhat.comhttp://www.vupen.com/english/advisories/2009/1972
secalert@redhat.comhttps://bugzilla.mozilla.org/show_bug.cgi?id=480134
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=496887Exploit
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/50397
secalert@redhat.comhttps://launchpad.net/bugs/cve/2009-1194
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10137
af854a3a-2127-422b-91ae-364da2661108http://github.com/bratsche/pango/commit/4de30e5500eaeb49f4bf0b7a07f718e149a2ed5e
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00002.html
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/54279
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/35018
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/35021
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/35027
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/35038
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/35685
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/35914
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/36005
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/36145
af854a3a-2127-422b-91ae-364da2661108http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2009/dsa-1798
af854a3a-2127-422b-91ae-364da2661108http://www.mozilla.org/security/announce/2009/mfsa2009-36.html
af854a3a-2127-422b-91ae-364da2661108http://www.ocert.org/advisories/ocert-2009-001.htmlPatch
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2009/05/07/1
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2009-0476.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/503349/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/34870
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/35758
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1022196
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-773-1
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/1269
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/1972
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.mozilla.org/show_bug.cgi?id=480134
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=496887Exploit
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/50397
af854a3a-2127-422b-91ae-364da2661108https://launchpad.net/bugs/cve/2009-1194
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10137
Impacted products
Vendor Product Version
pango pango *
pango pango 1.2
pango pango 1.4
pango pango 1.6
pango pango 1.8
pango pango 1.10
pango pango 1.12
pango pango 1.14
pango pango 1.16
pango pango 1.18
pango pango 1.20


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:pango:pango:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8B42FA2-C5FA-4F4B-8542-889AEF8BD855",
              "versionEndIncluding": "1.22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pango:pango:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A419445-E8C0-4BC1-A592-9B63FCC8354C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pango:pango:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "31EA2429-07F7-4569-9D4D-0397BD2708BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pango:pango:1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F64E49C-25CF-4C59-AD1A-AA804AA1D746",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pango:pango:1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5C554F1-F4B7-47C3-B6E0-8822B205B79B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pango:pango:1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE0ECCE2-76E8-4A4B-A6CA-EEC45E3D7403",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pango:pango:1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6322FCB-DC34-4C4B-A8AE-9983927F6B25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pango:pango:1.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "85CB58A0-A452-40EE-818F-A56723BBBF43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pango:pango:1.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "30BA57EA-8702-4247-8A75-DB5D2AD18F4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pango:pango:1.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F73FC80-FB3C-4AEA-BB27-961CD378B1B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pango:pango:1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "B78E87B1-4879-42AE-9B98-9AA176C8ECC7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow, as demonstrated by a long document.location value in Firefox."
    },
    {
      "lang": "es",
      "value": "Un desbordamiento de entero en la funci\u00f3n pango_glyph_string_set_size en pango/glyphstring.c en Pango antes de la versi\u00f3n v1.24 permite causar una denegaci\u00f3n de servicio (mediante ca\u00edda de la aplicaci\u00f3n) a atacantes dependientes del contexto y posiblemente tambi\u00e9n ejecutar c\u00f3digo arbitrario a trav\u00e9s de una cadena glifo demasiado larga que desencadena un desbordamiento de b\u00fafer basado en mont\u00edculo, como se ha demostrado por un valor document.location demasiado largo en Firefox."
    }
  ],
  "id": "CVE-2009-1194",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-05-11T15:30:00.377",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://github.com/bratsche/pango/commit/4de30e5500eaeb49f4bf0b7a07f718e149a2ed5e"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00002.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://osvdb.org/54279"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/35018"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/35021"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/35027"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/35038"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/35685"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/35914"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/36005"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/36145"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2009/dsa-1798"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-36.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.ocert.org/advisories/ocert-2009-001.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2009/05/07/1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-0476.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/503349/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/34870"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/35758"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id?1022196"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-773-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2009/1269"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2009/1972"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=480134"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496887"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50397"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://launchpad.net/bugs/cve/2009-1194"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10137"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://github.com/bratsche/pango/commit/4de30e5500eaeb49f4bf0b7a07f718e149a2ed5e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/54279"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35018"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35021"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35027"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35038"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35685"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35914"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/36005"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/36145"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2009/dsa-1798"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-36.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.ocert.org/advisories/ocert-2009-001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2009/05/07/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-0476.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/503349/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/34870"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/35758"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1022196"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-773-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/1269"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/1972"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=480134"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496887"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50397"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://launchpad.net/bugs/cve/2009-1194"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10137"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.