Total vulnerabilities in the database
Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object.
| Software | From | Fixed in |
|---|---|---|
| pango / pango | 1.7 | 1.7.x |
| pango / pango | 1.5 | 1.5.x |
| pango / pango | 1.6 | 1.6.x |
| pango / pango | 1.17 | 1.17.x |
| pango / pango | 0.23 | 0.23.x |
| pango / pango | 1.9 | 1.9.x |
| pango / pango | 1.11 | 1.11.x |
| pango / pango | 0.22 | 0.22.x |
| pango / pango | 1.14 | 1.14.x |
| pango / pango | 1.21 | 1.21.x |
| pango / pango | 1.27 | 1.27.x |
| pango / pango | 1.1 | 1.1.x |
| pango / pango | 1.26 | 1.26.x |
| pango / pango | 1.16 | 1.16.x |
| pango / pango | 0.24 | 0.24.x |
| pango / pango | 1.8 | 1.8.x |
| pango / pango | 0.25 | 0.25.x |
| pango / pango | 1.4 | 1.4.x |
| pango / pango | 1.24 | 1.24.x |
| pango / pango | 1.19 | 1.19.x |
| pango / pango | 1.0 | 1.0.x |
| pango / pango | 1.15 | 1.15.x |
| pango / pango | 1.25 | 1.25.x |
| pango / pango | 1.10 | 1.10.x |
| pango / pango | 1.2 | 1.2.x |
| pango / pango | 1.3 | 1.3.x |
| pango / pango | 1.22 | 1.22.x |
| pango / pango | 1.18 | 1.18.x |
| pango / pango | 0.21 | 0.21.x |
| pango / pango | 0.26 | 0.26.x |
| pango / pango | 0.20 | 0.20.x |
| pango / pango | 1.12 | 1.12.x |
| pango / pango | 1.13 | 1.13.x |
| pango / pango | 1.23 | 1.23.x |
| pango / pango | 1.20 | 1.20.x |
| gnome / pango | - | 1.28.3.x |
| gnome / pango | 1.28.2 | 1.28.2.x |
| gnome / pango | 1.28.0 | 1.28.0.x |
| gnome / pango | 1.28.1 | 1.28.1.x |