[Bug 671122] CVE-2011-0020 pango: Heap-based buffer overflow by rendering glyph box for certain FT_Bitmap objects
bugzilla at redhat.com
Fri Jan 21 18:43:18 UTC 2011
https://bugzilla.redhat.com/show_bug.cgi?id=671122
--- Comment #6 from Josh Bressers (Security Response Team) <bressers at redhat.com> 2011-01-21 13:43:17 EST ---
I've looked over how pango is used in Red Hat Enterprise Linux. I do not
believe this poses a significant risk. Nothing that uses pango for layout will
accept arbitrary font input. Since this bug needs a malformed font, user
interaction will be needed to exploit this flaw.