{"containers":{"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2009-05-07T00:00:00.000Z","descriptions":[{"lang":"en","value":"Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow, as demonstrated by a long document.location value in Firefox."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-10-10T18:57:01.000Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"name":"35038","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/35038"},{"name":"DSA-1798","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"http://www.debian.org/security/2009/dsa-1798"},{"tags":["x_refsource_CONFIRM"],"url":"http://github.com/bratsche/pango/commit/4de30e5500eaeb49f4bf0b7a07f718e149a2ed5e"},{"name":"RHSA-2009:0476","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"http://www.redhat.com/support/errata/RHSA-2009-0476.html"},{"name":"36145","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/36145"},{"tags":["x_refsource_CONFIRM"],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=480134"},{"tags":["x_refsource_MISC"],"url":"http://www.ocert.org/advisories/ocert-2009-001.html"},{"name":"35018","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/35018"},{"name":"35021","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/35021"},{"name":"34870","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/34870"},{"name":"1022196","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1022196"},{"name":"54279","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://osvdb.org/54279"},{"name":"SUSE-SA:2009:039","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html"},{"name":"[oss-security] 20090507 [oCERT-2009-001] Pango integer overflow in heap allocation size calculations","tags":["mailing-list","x_refsource_MLIST"],"url":"http://www.openwall.com/lists/oss-security/2009/05/07/1"},{"name":"ADV-2009-1269","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2009/1269"},{"name":"35758","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/35758"},{"tags":["x_refsource_CONFIRM"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=496887"},{"name":"36005","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/36005"},{"tags":["x_refsource_CONFIRM"],"url":"https://launchpad.net/bugs/cve/2009-1194"},{"name":"35685","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/35685"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.mozilla.org/security/announce/2009/mfsa2009-36.html"},{"name":"USN-773-1","tags":["vendor-advisory","x_refsource_UBUNTU"],"url":"http://www.ubuntu.com/usn/USN-773-1"},{"name":"SUSE-SA:2009:042","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00002.html"},{"name":"SUSE-SR:2009:012","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"},{"name":"oval:org.mitre.oval:def:10137","tags":["vdb-entry","signature","x_refsource_OVAL"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10137"},{"name":"35914","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/35914"},{"name":"ADV-2009-1972","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2009/1972"},{"name":"35027","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/35027"},{"name":"20090507 [oCERT-2009-001] Pango integer overflow in heap allocation size calculations","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/503349/100/0/threaded"},{"name":"pango-pangoglyphstringsetsize-bo(50397)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/50397"},{"name":"264308","tags":["vendor-advisory","x_refsource_SUNALERT"],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1"}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-07T05:04:49.105Z"},"title":"CVE Program Container","references":[{"name":"35038","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/35038"},{"name":"DSA-1798","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"http://www.debian.org/security/2009/dsa-1798"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://github.com/bratsche/pango/commit/4de30e5500eaeb49f4bf0b7a07f718e149a2ed5e"},{"name":"RHSA-2009:0476","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://www.redhat.com/support/errata/RHSA-2009-0476.html"},{"name":"36145","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/36145"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=480134"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://www.ocert.org/advisories/ocert-2009-001.html"},{"name":"35018","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/35018"},{"name":"35021","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/35021"},{"name":"34870","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/34870"},{"name":"1022196","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1022196"},{"name":"54279","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://osvdb.org/54279"},{"name":"SUSE-SA:2009:039","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html"},{"name":"[oss-security] 20090507 [oCERT-2009-001] Pango integer overflow in heap allocation size calculations","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2009/05/07/1"},{"name":"ADV-2009-1269","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2009/1269"},{"name":"35758","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/35758"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=496887"},{"name":"36005","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/36005"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://launchpad.net/bugs/cve/2009-1194"},{"name":"35685","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/35685"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.mozilla.org/security/announce/2009/mfsa2009-36.html"},{"name":"USN-773-1","tags":["vendor-advisory","x_refsource_UBUNTU","x_transferred"],"url":"http://www.ubuntu.com/usn/USN-773-1"},{"name":"SUSE-SA:2009:042","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00002.html"},{"name":"SUSE-SR:2009:012","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"},{"name":"oval:org.mitre.oval:def:10137","tags":["vdb-entry","signature","x_refsource_OVAL","x_transferred"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10137"},{"name":"35914","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/35914"},{"name":"ADV-2009-1972","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2009/1972"},{"name":"35027","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/35027"},{"name":"20090507 [oCERT-2009-001] Pango integer overflow in heap allocation size calculations","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/503349/100/0/threaded"},{"name":"pango-pangoglyphstringsetsize-bo(50397)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/50397"},{"name":"264308","tags":["vendor-advisory","x_refsource_SUNALERT","x_transferred"],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1"}]}]},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2009-1194","datePublished":"2009-05-11T15:19:00.000Z","dateReserved":"2009-03-31T00:00:00.000Z","dateUpdated":"2024-08-07T05:04:49.105Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}