Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object.
2011-01-24T18:00:03.783
2025-04-11T00:51:21.963
Deferred
CVSSv2: 7.6 (HIGH)
AV:N/AC:H/Au:N/C:C/I:C/A:C
4.9
10.0
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | gnome | pango | ≤ 1.28.3 | Yes |
| Application | gnome | pango | 1.28.0 | Yes |
| Application | gnome | pango | 1.28.1 | Yes |
| Application | gnome | pango | 1.28.2 | Yes |
| Application | pango | pango | 0.20 | Yes |
| Application | pango | pango | 0.21 | Yes |
| Application | pango | pango | 0.22 | Yes |
| Application | pango | pango | 0.23 | Yes |
| Application | pango | pango | 0.24 | Yes |
| Application | pango | pango | 0.25 | Yes |
| Application | pango | pango | 0.26 | Yes |
| Application | pango | pango | 1.0 | Yes |
| Application | pango | pango | 1.1 | Yes |
| Application | pango | pango | 1.2 | Yes |
| Application | pango | pango | 1.3 | Yes |
| Application | pango | pango | 1.4 | Yes |
| Application | pango | pango | 1.5 | Yes |
| Application | pango | pango | 1.6 | Yes |
| Application | pango | pango | 1.7 | Yes |
| Application | pango | pango | 1.8 | Yes |
| Application | pango | pango | 1.9 | Yes |
| Application | pango | pango | 1.10 | Yes |
| Application | pango | pango | 1.11 | Yes |
| Application | pango | pango | 1.12 | Yes |
| Application | pango | pango | 1.13 | Yes |
| Application | pango | pango | 1.14 | Yes |
| Application | pango | pango | 1.15 | Yes |
| Application | pango | pango | 1.16 | Yes |
| Application | pango | pango | 1.17 | Yes |
| Application | pango | pango | 1.18 | Yes |
| Application | pango | pango | 1.19 | Yes |
| Application | pango | pango | 1.20 | Yes |
| Application | pango | pango | 1.21 | Yes |
| Application | pango | pango | 1.22 | Yes |
| Application | pango | pango | 1.23 | Yes |
| Application | pango | pango | 1.24 | Yes |
| Application | pango | pango | 1.25 | Yes |
| Application | pango | pango | 1.26 | Yes |
| Application | pango | pango | 1.27 | Yes |