PT-2011-2018 · Gnome+1 · Pango+1

Jan Lieskovsky · Published 2011-01-24 · Updated 2024-06-15 · CVE-2011-0020

CVSS v2.0: 7.6 (High)

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Pango versions 1.28.3 and earlier

Description

A heap-based buffer overflow exists in the pango_ft2_font_render_box_glyph function and can be triggered by a crafted font file when the FreeType2 backend is enabled. It can cause a denial of service by crashing the application, or potentially allow the execution of arbitrary code. The problem is associated with the glyph box for an FT_Bitmap object.

Recommendations

For Pango versions 1.28.3 and earlier, update to a newer version to resolve the issue. As a temporary workaround, restrict the use of untrusted font files to minimize the risk of exploitation.

Exploit · Fix · DoS · Buffer Overflow


Weakness Enumeration

Related Identifiers

CVE-2011-0020
OPENSUSE-SU-2024:10578-1
RHSA-2011:0180
RHSA-2011_0180

Affected Products

Pango
Red Hat