Headline
CVE-2019-1010238: USN-4081-1: Pango vulnerability | Ubuntu security notices | Ubuntu
Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize.
31 July 2019
Pango could be made to execute arbitrary code if it received a specially crafted input.
Releases
- Ubuntu 19.04
Packages
- pango1.0 - Layout and rendering of internationalized text - gir bindings
Details
It was discovered that Pango incorrectly handled certain inputs.
An attacker could possibly use this issue to execute arbitrary code.
Canonical is offering Extended Security Maintenance
Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.
Find out more about ESM ›
Further reading
- Loading…