漏洞信息详情
Pango pango_glyph_string_set_size()函数整数溢出漏洞
- CNNVD编号:CNNVD-200905-109
- 危害等级: 高危
- CVE编号: CVE-2009-1194
- 漏洞类型: 数字错误
- 发布时间: 2009-05-11
- 威胁类型: 远程
- 更新时间: 2009-05-19
- 厂 商: pango
- 漏洞来源: Will Drewry wad@g...
漏洞简介
Pango是一个开放源码的自由函数库,用于高质量地渲染国际化的文字。
Pango的pango_glyph_string_set_size函数在进行乘法运算时存在整数溢出漏洞:
string->glyphs = g_realloc (string->glyphs, string->space *
sizeof (PangoGlyphInfo));
如果用户受骗使用链接到该库的应用程序打开了包含有超长字型信息的恶意字体文件的话,就可能触发这个溢出,导致执行任意代码。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
http://www.debian.org/security/2009/dsa-1798
http://security.debian.org/pool/updates/main/p/pango1.0/pango1.0_1.14.8.orig.tar.gz
Size/MD5 checksum:1903985 18c64e6cd7b91d04c40ef621a3d8fa4a
http://security.debian.org/pool/updates/main/p/pango1.0/pango1.0_1.14.8-5+etch1.diff.gz
Size/MD5 checksum:26479 ed32cd0fab563f3d0446fd9ec43b2f7c
http://security.debian.org/pool/updates/main/p/pango1.0/pango1.0_1.14.8-5+etch1.dsc
Size/MD5 checksum: 1755 dc9d2d9010dc5dcc17fdf589db1a2e5e
Architecture independent packages:
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-doc_1.14.8-5+etch1_all.deb
Size/MD5 checksum: 253836 dbc3410b16ec27ddfed6dc8c1fb23daf
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-common_1.14.8-5+etch1_all.deb
Size/MD5 checksum: 6668 f10d91ab42b3eba15ef083bfb7540de5
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.14.8-5+etch1_alpha.udeb
Size/MD5 checksum: 248652 708bd8f608c2447f8e0a82febf1e587a
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.14.8-5+etch1_alpha.deb
Size/MD5 checksum: 362654 22a3cea2b5598180f52caf057dba3ecd
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.14.8-5+etch1_alpha.deb
Size/MD5 checksum: 496650 9b68bc2d3e14db69c128b0845eaa4a85
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.14.8-5+etch1_alpha.deb
Size/MD5 checksum: 695224 d72beaf860b54f76008af828e71eacd0
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.14.8-5+etch1_amd64.deb
Size/MD5 checksum: 704936 0535ac16c732c783b55bbd0a877d8a78
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.14.8-5+etch1_amd64.deb
Size/MD5 checksum: 335362 3181dcff1339b37ebc22d4a65751dc99
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.14.8-5+etch1_amd64.deb
Size/MD5 checksum: 384990 88a73bdbf1ade11b93416eeaa47fed05
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.14.8-5+etch1_amd64.udeb
Size/MD5 checksum: 224702 eed5fa5149bae7cb5425af34f1ec3edc
arm architecture (ARM)
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.14.8-5+etch1_arm.deb
Size/MD5 checksum: 662692 853a22e95710cdbc2d6466d8a57d4869
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.14.8-5+etch1_arm.deb
Size/MD5 checksum: 349496 dffb98f863c7d1965ceee910db8e02c7
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.14.8-5+etch1_arm.udeb
Size/MD5 checksum: 202936 b4574bd7f773fd4de522caf2cf9947bd
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.14.8-5+etch1_arm.deb
Size/MD5 checksum: 307638 31237ca7f49f47c18b8f648cd2886856
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.14.8-5+etch1_hppa.deb
Size/MD5 checksum: 357600 f73a658e1f9e70a50ee3a84d5c5b970b
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.14.8-5+etch1_hppa.deb
Size/MD5 checksum: 673998 e3a17f9b99670c80d11beac2c4593aa8
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.14.8-5+etch1_hppa.deb
Size/MD5 checksum: 417448 c666abe6774a4207c8d0f4f6b6210c8e
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.14.8-5+etch1_hppa.udeb
Size/MD5 checksum: 242820 9e3c948ace44963cbc99ef43c59d8987
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.14.8-5+etch1_i386.deb
Size/MD5 checksum: 648360 44005bd92a8dbf3b89c8903e05690f23
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.14.8-5+etch1_i386.deb
Size/MD5 checksum: 344914 d41eb5702362976a8e080d5e80270343
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.14.8-5+etch1_i386.deb
Size/MD5 checksum: 312862 598616609baee45e6a72d8ca449737da
http://security.debian.org/pool/updates/main/p/pango1.
参考网址
来源: MISC
链接:http://www.ocert.org/advisories/ocert-2009-001.HTML
来源: launchpad.net
链接:https://launchpad.net/bugs/cve/2009-1194
来源: bugzilla.redhat.com
链接:https://bugzilla.redhat.com/show_bug.cgi?id=496887
来源: bugzilla.mozilla.org
链接:https://bugzilla.mozilla.org/show_bug.cgi?id=480134
来源: XF
名称: pango-pangoglyphstringsetsize-bo(50397)
链接:http://xforce.iss.net/xforce/xfdb/50397
来源: VUPEN
名称: ADV-2009-1972
链接:http://www.vupen.com/english/advisories/2009/1972
来源: VUPEN
名称: ADV-2009-1269
链接:http://www.vupen.com/english/advisories/2009/1269
来源: UBUNTU
名称: USN-773-1
链接:http://www.ubuntu.com/usn/USN-773-1
来源: SECTRACK
名称: 1022196
链接:http://www.securitytracker.com/id?1022196
来源: BID
名称: 35758
链接:http://www.securityfocus.com/bid/35758
来源: BID
名称: 34870
链接:http://www.securityfocus.com/bid/34870
来源: BUGTRAQ
名称: 20090507 [oCERT-2009-001] Pango integer overflow in heap allocation size calculations
链接:http://www.securityfocus.com/archive/1/archive/1/503349/100/0/threaded
来源: REDHAT
名称: RHSA-2009:0476
链接:http://www.redhat.com/support/errata/RHSA-2009-0476.HTML
来源: MLIST
名称: [oss-security] 20090507 [oCERT-2009-001] Pango integer overflow in heap allocation size calculations
链接:http://www.openwall.com/lists/oss-security/2009/05/07/1
来源: www.mozilla.org
链接:http://www.mozilla.org/security/announce/2009/mfsa2009-36.HTML
来源: DEBIAN
名称: DSA-1798
链接:http://www.debian.org/security/2009/dsa-1798
来源: SUNALERT
名称: 264308
链接:http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
来源: SECUNIA
名称: 36145
链接:http://secunia.com/advisories/36145
来源: SECUNIA
名称: 36005
链接:http://secunia.com/advisories/36005
来源: SECUNIA
名称: 35914
链接:http://secunia.com/advisories/35914
来源: SECUNIA
名称: 35685
链接:http://secunia.com/advisories/35685
来源: SECUNIA
名称: 35038
链接:http://secunia.com/advisories/35038
来源: SECUNIA
名称: 35027
链接:http://secunia.com/advisories/35027
来源: SECUNIA
名称: 35021
链接:http://secunia.com/advisories/35021
来源: SECUNIA
名称: 35018
链接:http://secunia.com/advisories/35018
来源: OSVDB
名称: 54279
链接:http://osvdb.org/54279
来源: SUSE
名称: SUSE-SA:2009:042
链接:http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00002.HTML
来源: SUSE
名称: SUSE-SA:2009:039
链接:http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.HTML
来源: SUSE
名称: SUSE-SR:2009:012
链接:http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.HTML
来源: github.com
链接:http://github.com/bratsche/pango/commit/4de30e5500eaeb49f4bf0b7a07f718e149a2ed5e
受影响实体
- Pango Pango:1.18
- Pango Pango:1.20
- Pango Pango:1.16
- Pango Pango:1.14
- Pango Pango:1.12
补丁
暂无
![weinxin](http://zone.ci/zone_ci_images/zone.ci.png)
评论