CVE-2010-0421

EPSS 1.7%

pango1.0 - denial of service

Published: 3/18/2010Modified: 4/28/2026

Description

Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted font file, related to building a synthetic Glyph Definition (aka GDEF) table by using this font's charmap and the Unicode property database.

Affected packages (2)

Debian/pango1.0from 0, < 1.26.2-1
Debian/pango1.0from 0, < 1.20.5-5+lenny1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2010-0421