Credit:
The information has been provided by Will Drewry.
The original article can be found at: http://www.ocert.org/advisories/ocert-2009-001.html
Vulnerable Systems:
* Pango versions prior to 1.24
Patch Availability:
* Pango version 1.24 or newer
The affected function is pango_glyph_string_set_size. It grows string->space by doubling it until it covers the requested glyph count, and an overflow check guards that doubling. The check does not cover the multiplication in the allocation that follows:

string->glyphs = g_realloc (string->glyphs, string->space * sizeof (PangoGlyphInfo));

On a 32-bit build the product string->space * sizeof (PangoGlyphInfo) can wrap, so g_realloc returns a buffer smaller than the glyph count string->space implies, and subsequent writes to string->glyphs run past the end of the heap allocation.
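The size arithmetic described above, as an added example that is not Pango's code: the growth loop guards the doubling of the element count, but the byte count handed to the allocator is formed by a separate multiplication that is computed in uint32_t here to reproduce a 32-bit build. The element size of 20 bytes and the function names (grow_space, unchecked_alloc_bytes, checked_alloc_bytes and friends) are assumptions for the example, not identifiers from the advisory.

```c
/* Added example (not Pango code): models the size arithmetic in
 * pango_glyph_string_set_size to show why guarding the doubling of
 * string->space is not enough when the byte count passed to the
 * allocator is formed by a separate, unchecked multiplication.
 * The byte count is computed in uint32_t to reproduce a 32-bit build,
 * where a gint times a 32-bit size_t is a 32-bit product. */
#include <inttypes.h>
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption for the example: PangoGlyphInfo is taken to be 20 bytes,
 * its size on a typical 32-bit build. The figure is not in the advisory. */
#define GLYPH_INFO_SIZE 20u

/* Growth loop modelled on the one in pango_glyph_string_set_size:
 * double `space` until it covers *new_len, clamping before the int
 * itself would wrap (upstream tests the doubled value after the fact;
 * a pre-check is used here to stay clear of signed overflow).
 * Returns the element count the allocation will be sized for and
 * truncates *new_len if the clamp fires. */
static int32_t grow_space(int32_t space, int32_t *new_len)
{
    while (*new_len > space) {
        if (space == 0)
            space = 1;
        else if (space > INT32_MAX / 2)
            *new_len = space = INT32_MAX >> 1;   /* clamp, as upstream does */
        else
            space *= 2;
    }
    return space;
}

/* Element count reserved for a freshly sized string. */
static int32_t space_for(int32_t new_len)
{
    return grow_space(0, &new_len);
}

/* Vulnerable pattern: the element count is safe, the byte count is not.
 * The product wraps modulo 2^32 exactly as on a 32-bit host. */
static uint32_t unchecked_alloc_bytes(int32_t space)
{
    return (uint32_t)space * GLYPH_INFO_SIZE;
}

/* Byte count the glyph array really needs, computed without wrapping. */
static uint64_t bytes_actually_needed(int32_t space)
{
    return (uint64_t)space * GLYPH_INFO_SIZE;
}

/* Hardened pattern: refuse any count whose byte size does not fit the
 * allocator's 32-bit size type instead of handing it a wrapped value. */
static bool alloc_size_fits(int32_t space, uint32_t elem_size)
{
    if (space < 0 || elem_size == 0)
        return false;
    return (uint32_t)space <= UINT32_MAX / elem_size;
}

static bool checked_alloc_bytes(int32_t space, uint32_t elem_size, uint32_t *out)
{
    if (!alloc_size_fits(space, elem_size))
        return false;
    *out = (uint32_t)space * elem_size;
    return true;
}

int main(void)
{
    /* Constructed input: a glyph string of 2^28 glyphs, a length only
     * hostile text would produce. */
    int32_t new_len = 268435456;
    int32_t space = space_for(new_len);
    uint32_t bytes;

    printf("space reserved      : %" PRId32 " glyphs\n", space);
    printf("bytes really needed : %" PRIu64 "\n", bytes_actually_needed(space));
    printf("bytes after wrap    : %" PRIu32 "\n", unchecked_alloc_bytes(space));
    if (checked_alloc_bytes(space, GLYPH_INFO_SIZE, &bytes))
        printf("checked size        : %" PRIu32 "\n", bytes);
    else
        printf("checked size        : rejected, would overflow\n");
    return 0;
}
```

For 2^28 glyphs the element count passes the doubling check untouched, the array really needs 5368709120 bytes, and the wrapped 32-bit product asks the allocator for 1073741824 bytes, room for about 53 million glyph records while the string believes it holds 268 million. The hardened check rejects the request before any allocation happens, which is the property the 1.24 fix needs to provide.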
Note that other font rendering subsystems suffer from similar issues and should be cross-checked by maintainers.
CVE Information:
CVE-2009-1194
Disclosure Timeline:
2009-02-22: attempted to contact upstream via gtk-i18n-list@gnome.org
2009-02-25: bug filed with Mozilla against Firefox
2009-03-02: Behdad Esfahbod patched Pango upstream for 1.24
2009-04-13: vendor-sec alerted regarding backporting the silent Pango fix
2009-04-23: embargo date and CVE assigned (thanks Josh Bressers!)
2009-05-07: advisory released
References:
https://bugzilla.mozilla.org/show_bug.cgi?id=480134