USN-773-1 -- pango1.0 vulnerability
|ID: oval:org.secpod.oval:def:700316||Date: (C)2011-05-13 (M)2017-11-27|
|Class: PATCH||Family: unix|
Will Drewry discovered that Pango incorrectly handled rendering text with long glyphstrings. If a user were tricked into displaying specially crafted data with applications linked against Pango, such as Firefox, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program.