CVE-2010-0421

Name: CVE-2010-0421
Description: Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted font file, related to building a synthetic Glyph Definition (aka GDEF) table by using this font's charmap and the Unicode property database.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
References: DSA-2019-1
NVD severity: medium (attack range: remote)
Debian Bugs: 574021

Vulnerable and fixed packages

The table below lists information on source packages.

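| Source Package | Release | Version | Status |
|---|---|---|---|
| pango1.0 (PTS) | wheezy | 1.30.0-1 | fixed |
| pango1.0 | jessie | 1.36.8-3 | fixed |
| pango1.0 | stretch | 1.40.5-1 | fixed |
| pango1.0 | buster, sid | 1.40.12-1 | fixed |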

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| pango1.0 | source | (unstable) | 1.26.2-1 | medium | | 574021 |
| pango1.0 | source | lenny | 1.20.5-5+lenny1 | medium | DSA-2019-1 | |
