Pango pango_glyph_string_set_size()函数整数溢出漏洞

admin

0
文章

0
评论

2022-07-23 13:49:20 CNNVD漏洞来源：ZONE.CI 全球网 0 阅读模式

漏洞信息详情

Pango pango_glyph_string_set_size()函数整数溢出漏洞

CNNVD编号：CNNVD-200905-109
危害等级：高危
CVE编号： CVE-2009-1194
漏洞类型：数字错误
发布时间： 2009-05-11
威胁类型：远程
更新时间： 2009-05-19
厂商： pango
漏洞来源： Will Drewry wad@g...

漏洞简介

Pango是一个开放源码的自由函数库，用于高质量地渲染国际化的文字。

Pango的pango_glyph_string_set_size函数在进行乘法运算时存在整数溢出漏洞：

string-＞glyphs = g_realloc (string-＞glyphs, string-＞space *

sizeof (PangoGlyphInfo));

如果用户受骗使用链接到该库的应用程序打开了包含有超长字型信息的恶意字体文件的话，就可能触发这个溢出，导致执行任意代码。

漏洞公告

目前厂商已经发布了升级补丁以修复这个安全问题，补丁下载链接：

http://www.debian.org/security/2009/dsa-1798

http://security.debian.org/pool/updates/main/p/pango1.0/pango1.0_1.14.8.orig.tar.gz

Size/MD5 checksum:1903985 18c64e6cd7b91d04c40ef621a3d8fa4a

http://security.debian.org/pool/updates/main/p/pango1.0/pango1.0_1.14.8-5+etch1.diff.gz

Size/MD5 checksum:26479 ed32cd0fab563f3d0446fd9ec43b2f7c

http://security.debian.org/pool/updates/main/p/pango1.0/pango1.0_1.14.8-5+etch1.dsc

Size/MD5 checksum: 1755 dc9d2d9010dc5dcc17fdf589db1a2e5e

Architecture independent packages:

http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-doc_1.14.8-5+etch1_all.deb

Size/MD5 checksum: 253836 dbc3410b16ec27ddfed6dc8c1fb23daf

http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-common_1.14.8-5+etch1_all.deb

Size/MD5 checksum: 6668 f10d91ab42b3eba15ef083bfb7540de5

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.14.8-5+etch1_alpha.udeb

Size/MD5 checksum: 248652 708bd8f608c2447f8e0a82febf1e587a

http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.14.8-5+etch1_alpha.deb

Size/MD5 checksum: 362654 22a3cea2b5598180f52caf057dba3ecd

http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.14.8-5+etch1_alpha.deb

Size/MD5 checksum: 496650 9b68bc2d3e14db69c128b0845eaa4a85

http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.14.8-5+etch1_alpha.deb

Size/MD5 checksum: 695224 d72beaf860b54f76008af828e71eacd0

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.14.8-5+etch1_amd64.deb

Size/MD5 checksum: 704936 0535ac16c732c783b55bbd0a877d8a78

http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.14.8-5+etch1_amd64.deb

Size/MD5 checksum: 335362 3181dcff1339b37ebc22d4a65751dc99

http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.14.8-5+etch1_amd64.deb

Size/MD5 checksum: 384990 88a73bdbf1ade11b93416eeaa47fed05

http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.14.8-5+etch1_amd64.udeb

Size/MD5 checksum: 224702 eed5fa5149bae7cb5425af34f1ec3edc

arm architecture (ARM)

http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.14.8-5+etch1_arm.deb

Size/MD5 checksum: 662692 853a22e95710cdbc2d6466d8a57d4869

http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.14.8-5+etch1_arm.deb

Size/MD5 checksum: 349496 dffb98f863c7d1965ceee910db8e02c7

http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.14.8-5+etch1_arm.udeb

Size/MD5 checksum: 202936 b4574bd7f773fd4de522caf2cf9947bd

http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.14.8-5+etch1_arm.deb

Size/MD5 checksum: 307638 31237ca7f49f47c18b8f648cd2886856

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.14.8-5+etch1_hppa.deb

Size/MD5 checksum: 357600 f73a658e1f9e70a50ee3a84d5c5b970b

http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.14.8-5+etch1_hppa.deb

Size/MD5 checksum: 673998 e3a17f9b99670c80d11beac2c4593aa8

http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.14.8-5+etch1_hppa.deb

Size/MD5 checksum: 417448 c666abe6774a4207c8d0f4f6b6210c8e

http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.14.8-5+etch1_hppa.udeb

Size/MD5 checksum: 242820 9e3c948ace44963cbc99ef43c59d8987

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.14.8-5+etch1_i386.deb

Size/MD5 checksum: 648360 44005bd92a8dbf3b89c8903e05690f23

http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.14.8-5+etch1_i386.deb

Size/MD5 checksum: 344914 d41eb5702362976a8e080d5e80270343

http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.14.8-5+etch1_i386.deb

Size/MD5 checksum: 312862 598616609baee45e6a72d8ca449737da

http://security.debian.org/pool/updates/main/p/pango1.

参考网址

来源: MISC

链接:http://www.ocert.org/advisories/ocert-2009-001.HTML

来源: launchpad.net

链接:https://launchpad.net/bugs/cve/2009-1194

来源: bugzilla.redhat.com

链接:https://bugzilla.redhat.com/show_bug.cgi?id=496887

来源: bugzilla.mozilla.org

链接:https://bugzilla.mozilla.org/show_bug.cgi?id=480134

来源: XF

名称: pango-pangoglyphstringsetsize-bo(50397)

链接:http://xforce.iss.net/xforce/xfdb/50397

来源: VUPEN

名称: ADV-2009-1972

链接:http://www.vupen.com/english/advisories/2009/1972

来源: VUPEN

名称: ADV-2009-1269

链接:http://www.vupen.com/english/advisories/2009/1269

来源: UBUNTU

名称: USN-773-1

链接:http://www.ubuntu.com/usn/USN-773-1

来源: SECTRACK

名称: 1022196

链接:http://www.securitytracker.com/id?1022196

来源: BID

名称: 35758

链接:http://www.securityfocus.com/bid/35758

来源: BID

名称: 34870

链接:http://www.securityfocus.com/bid/34870

来源: BUGTRAQ

名称: 20090507 [oCERT-2009-001] Pango integer overflow in heap allocation size calculations

链接:http://www.securityfocus.com/archive/1/archive/1/503349/100/0/threaded

来源: REDHAT

名称: RHSA-2009:0476

链接:http://www.redhat.com/support/errata/RHSA-2009-0476.HTML

来源: MLIST

名称: [oss-security] 20090507 [oCERT-2009-001] Pango integer overflow in heap allocation size calculations

链接:http://www.openwall.com/lists/oss-security/2009/05/07/1

来源: www.mozilla.org

链接:http://www.mozilla.org/security/announce/2009/mfsa2009-36.HTML

来源: DEBIAN

名称: DSA-1798

链接:http://www.debian.org/security/2009/dsa-1798

来源: SUNALERT

名称: 264308

链接:http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1

来源: SECUNIA

名称: 36145

链接:http://secunia.com/advisories/36145

来源: SECUNIA

名称: 36005

链接:http://secunia.com/advisories/36005

来源: SECUNIA

名称: 35914

链接:http://secunia.com/advisories/35914

来源: SECUNIA

名称: 35685

链接:http://secunia.com/advisories/35685

来源: SECUNIA

名称: 35038

链接:http://secunia.com/advisories/35038

来源: SECUNIA

名称: 35027

链接:http://secunia.com/advisories/35027

来源: SECUNIA

名称: 35021

链接:http://secunia.com/advisories/35021

来源: SECUNIA

名称: 35018

链接:http://secunia.com/advisories/35018

来源: OSVDB

名称: 54279

链接:http://osvdb.org/54279

来源: SUSE

名称: SUSE-SA:2009:042

链接:http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00002.HTML

来源: SUSE

名称: SUSE-SA:2009:039

链接:http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.HTML

来源: SUSE

名称: SUSE-SR:2009:012

链接:http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.HTML

来源: github.com

链接:http://github.com/bratsche/pango/commit/4de30e5500eaeb49f4bf0b7a07f718e149a2ed5e

受影响实体

Pango Pango:1.18
Pango Pango:1.20
Pango Pango:1.16
Pango Pango:1.14
Pango Pango:1.12

补丁

暂无

特别声明

本站(ZONE.CI)所有文章仅供技术研究，若将其信息做其他用途，由用户承担全部法律及连带责任，本站不承担任何法律及连带责任，请遵守中华人民共和国安全法.

ZONE.CI 全球网 | 安全领域涉猎者-乌云独行地带

咨询加Q：999999999

ZONE.CI 全球网 | 安全领域涉猎者-乌云独行地带

ZONE.CI 全球网安全领域涉猎者-乌云独行地带

ZONE.CI 全球网

Plugins

WordPress

Web前端

设计资源

Pango pango_glyph_string_set_size()函数整数溢出漏洞

漏洞信息详情

Pango pango_glyph_string_set_size()函数整数溢出漏洞

漏洞简介

漏洞公告

参考网址

受影响实体

补丁

Yigit_Aybuga Dizi Portali 'diziler.asp' SQL注入漏洞

Pango pango_glyph_string_set_size()函数整数溢出漏洞

Micgr Mic_blog SQL注入和未授权访问漏洞

Mozilla Firefox 安全漏洞

Mozilla Firefox Apple CoreGraphics整数溢出漏洞

Tribiq CMS Cookie 权限绕过漏洞

Mozilla Firefox 函数watch和defineSetter 内存破坏安全漏洞

CGI Rescue MiniBBS 跨站脚本攻击漏洞

CGI Rescue MiniBBS2 安全绕过漏洞

Mozilla Firefox 函数setTimeout 权限提升漏洞

ZONE.CI 全球网