CVE-2010-0421

NameCVE-2010-0421
DescriptionArray index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted font file, related to building a synthetic Glyph Definition (aka GDEF) table by using this font's charmap and the Unicode property database.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-2019-1
Debian Bugs574021

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
pango1.0 (PTS)buster1.42.4-8~deb10u1fixed
buster (security)1.42.4-7~deb10u1fixed
bullseye1.46.2-3fixed
bookworm1.50.12+ds-1fixed
trixie1.52.0+ds-1fixed
sid1.52.1+ds-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
pango1.0sourcelenny1.20.5-5+lenny1DSA-2019-1
pango1.0source(unstable)1.26.2-1574021
Search for package or bug name: Reporting problems