PT-2010-5661 · Gnome+1 · Pango+1

Marc Schoenefeld · Published 1970-01-01 · Updated 2021-07-14 · CVE-2010-0421

CVSS v2.0: 4.3 Medium

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

libpango1.0-0 versions prior to 1.27.1
libpango1.0-0-dbg versions prior to 1.27.1
libpango1.0-dev versions prior to 1.27.1
libpango1.0-doc versions prior to 1.27.1
libpango1.0-common versions prior to 1.27.1
libpango1.0-udeb versions prior to 1.27.1

Description

The issue is related to multiple vulnerabilities in the Pango library, which can lead to a denial of service (application crash) when exploited. The vulnerabilities can be exploited remotely. Specifically, an array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc allows context-dependent attackers to cause a denial of service via a crafted font file.

Recommendations

For libpango1.0-0 versions prior to 1.27.1, update to version 1.27.1 or later.
For libpango1.0-0-dbg versions prior to 1.27.1, update to version 1.27.1 or later.
For libpango1.0-dev versions prior to 1.27.1, update to version 1.27.1 or later.
For libpango1.0-doc versions prior to 1.27.1, update to version 1.27.1 or later.
For libpango1.0-common versions prior to 1.27.1, update to version 1.27.1 or later.
For libpango1.0-udeb versions prior to 1.27.1, update to version 1.27.1 or later.

As a temporary workaround, consider restricting access to crafted font files to minimize the risk of exploitation.

Fix

DoS

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2015-03310
BDU:2015-03311
BDU:2015-03312
BDU:2015-03313
BDU:2015-03314
BDU:2015-03315
CVE-2010-0421
DSA-2019-1
RHSA-2010:0140
RHSA-2010_0140

Affected Products

Pango
Red Hat