CVE-2010-0421

Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted font file, related to building a synthetic Glyph Definition (aka GDEF) table by using this font's charmap and the Unicode property database.
Severity
UNKNOWN
AV:N/AC:M/Au:N/C:N/I:N/A:P
Atk. Vector
NETWORK
Atk. Complexity
MEDIUM
Base Score
CVSS 3.x
EPSS Score
Percentile: 65%
VendorProductVersion
gnomepango
𝑥
≤ 1.27
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
pango1.0
bullseye
1.46.2-3
fixed
bookworm
1.50.12+ds-1
fixed
sid
1.54.0+ds-2
fixed
trixie
1.54.0+ds-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
pango1.0
maverick
not-affected
lucid
not-affected
karmic
Fixed 1.26.0-1ubuntu0.1
released
jaunty
ignored
intrepid
ignored
hardy
Fixed 1.20.5-0ubuntu1.2
released
dapper
ignored