QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2009-1194

Back to search

CVE-2009-1194

Published: May 11, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow, as demonstrated by a long document.location value in Firefox.

VendorProductVersions

n/a

n/a

affected
n/a

References

35038
third-party-advisory
x_refsource_SECUNIA
DSA-1798
vendor-advisory
x_refsource_DEBIAN
RHSA-2009:0476
vendor-advisory
x_refsource_REDHAT
36145
third-party-advisory
x_refsource_SECUNIA
35018
third-party-advisory
x_refsource_SECUNIA
35021
third-party-advisory
x_refsource_SECUNIA
34870
vdb-entry
x_refsource_BID
1022196
vdb-entry
x_refsource_SECTRACK
54279
vdb-entry
x_refsource_OSVDB
SUSE-SA:2009:039
vendor-advisory
x_refsource_SUSE
ADV-2009-1269
vdb-entry
x_refsource_VUPEN
35758
vdb-entry
x_refsource_BID
36005
third-party-advisory
x_refsource_SECUNIA
35685
third-party-advisory
x_refsource_SECUNIA
USN-773-1
vendor-advisory
x_refsource_UBUNTU
SUSE-SA:2009:042
vendor-advisory
x_refsource_SUSE
SUSE-SR:2009:012
vendor-advisory
x_refsource_SUSE
oval:org.mitre.oval:def:10137
vdb-entry
signature
x_refsource_OVAL
35914
third-party-advisory
x_refsource_SECUNIA
ADV-2009-1972
vdb-entry
x_refsource_VUPEN
35027
third-party-advisory
x_refsource_SECUNIA
264308
vendor-advisory
x_refsource_SUNALERT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now