CVE - CVE-2010-0421

CVE-ID
CVE-2010-0421	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted font file, related to building a synthetic Glyph Definition (aka GDEF) table by using this font's charmap and the Unicode property database.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1023711 URL:http://securitytracker.com/id?1023711 MISC:38760 URL:http://www.securityfocus.com/bid/38760 MISC:39041 URL:http://secunia.com/advisories/39041 MISC:ADV-2010-0627 URL:~~http://www.vupen.com/english/advisories/2010/0627~~ (Obsolete source) MISC:ADV-2010-0661 URL:~~http://www.vupen.com/english/advisories/2010/0661~~ (Obsolete source) MISC:ADV-2010-1552 URL:~~http://www.vupen.com/english/advisories/2010/1552~~ (Obsolete source) MISC:DSA-2019 URL:http://www.debian.org/security/2010/dsa-2019 MISC:MDVSA-2010:121 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2010:121~~ (Obsolete source) MISC:RHSA-2010:0140 URL:http://www.redhat.com/support/errata/RHSA-2010-0140.html MISC:SUSE-SR:2010:009 URL:http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html MISC:SUSE-SR:2010:012 URL:http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html MISC:SUSE-SR:2010:013 URL:http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html MISC:http://ftp.gnome.org/pub/GNOME/sources/pango/1.27/pango-1.27.1.tar.bz2 URL:http://ftp.gnome.org/pub/GNOME/sources/pango/1.27/pango-1.27.1.tar.bz2 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=555831 URL:https://bugzilla.redhat.com/show_bug.cgi?id=555831 MISC:oval:org.mitre.oval:def:9417 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9417
Assigning CNA
Red Hat, Inc.
Date Record Created
20100127	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20100127)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)