CVE-2010-0421 - OpenCVE

Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted font file, related to building a synthetic Glyph Definition (aka GDEF) table by using this font's charmap and the Unicode property database.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Gnome	Pango

Configuration 1 [-]

cpe:2.3:a:gnome:pango:*:*:*:*:*:*:*:*

References

Link	Resource
http://ftp.gnome.org/pub/GNOME/sources/pango/1.27/pango-1.27.1.tar.bz2	Patch
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
http://secunia.com/advisories/39041
http://securitytracker.com/id?1023711
http://www.debian.org/security/2010/dsa-2019
http://www.mandriva.com/security/advisories?name=MDVSA-2010:121
http://www.redhat.com/support/errata/RHSA-2010-0140.html
http://www.securityfocus.com/bid/38760
http://www.vupen.com/english/advisories/2010/0627
http://www.vupen.com/english/advisories/2010/0661
http://www.vupen.com/english/advisories/2010/1552
https://bugzilla.redhat.com/show_bug.cgi?id=555831
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9417

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2010-03-18T17:12:00

Updated: 2017-09-18T12:57:01

Reserved: 2010-01-27T00:00:00

Link: CVE-2010-0421

JSON object: View

NVD Information

Status : Modified

Published: 2010-03-18T17:30:00.463

Modified: 2021-07-14T15:41:17.550

Link: CVE-2010-0421

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-03-15T00:00:00", "descriptions": [{"lang": "en", "value": "Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted font file, related to building a synthetic Glyph Definition (aka GDEF) table by using this font's charmap and the Unicode property database."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "MDVSA-2010:121", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:121"}, {"name": "ADV-2010-1552", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/1552"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=555831"}, {"name": "oval:org.mitre.oval:def:9417", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9417"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://ftp.gnome.org/pub/GNOME/sources/pango/1.27/pango-1.27.1.tar.bz2"}, {"name": "39041", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/39041"}, {"name": "DSA-2019", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2010/dsa-2019"}, {"name": "RHSA-2010:0140", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0140.html"}, {"name": "SUSE-SR:2010:013", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"}, {"name": "ADV-2010-0661", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/0661"}, {"name": "SUSE-SR:2010:009", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html"}, {"name": "SUSE-SR:2010:012", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"}, {"name": "38760", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/38760"}, {"name": "ADV-2010-0627", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/0627"}, {"name": "1023711", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1023711"}]}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-0421", "datePublished": "2010-03-18T17:12:00", "dateReserved": "2010-01-27T00:00:00", "dateUpdated": "2017-09-18T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnome:pango:*:*:*:*:*:*:*:*", "matchCriteriaId": "AC173203-E069-4195-9345-1BA8ECEC8A3D", "versionEndIncluding": "1.27", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted font file, related to building a synthetic Glyph Definition (aka GDEF) table by using this font's charmap and the Unicode property database."}, {"lang": "es", "value": "Error de \u00edndice de un Array en la anteriores a v1.27.1 permite a atacantes , dependiendo del contexto, provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de un fichero de fuentes modificado, relativo a la construcci\u00f3n de de una tabla sint\u00e9tica Glyph Definition (tambi\u00e9n conocida como GDEF) mediante el uso del mapa de caracteres de esta fuente y las propiedades de la abse de datos UNICODE."}], "id": "CVE-2010-0421", "lastModified": "2021-07-14T15:41:17.550", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-03-18T17:30:00.463", "references": [{"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://ftp.gnome.org/pub/GNOME/sources/pango/1.27/pango-1.27.1.tar.bz2"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/39041"}, {"source": "secalert@redhat.com", "url": "http://securitytracker.com/id?1023711"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2010/dsa-2019"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:121"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2010-0140.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/38760"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2010/0627"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2010/0661"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2010/1552"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=555831"}, {"source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9417"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}