CVE-2009-1194
RCETitle: Pango RCE
RCE
Proof Of Concept
No public PoC currently indexed for CVE-2009-1194.
CWE Category
CWE-189
Published Date
May 11, 2009
Modified Date
Apr 09, 2025
Exploit Status
Not Found
Score
6.8
CVSS v2.0
Exploit Probability (EPSS)
4.85%
Vulnerability Summary
CVE-2009-1194: Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow, as demonstrated by a long document.location value in Firefox.
Impacted Vendors
Reference Links
http://github.com/bratsche/pango/commit/4de30e5500eaeb49f4bf0b7a07f718e149a2ed5e
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00002.html
http://osvdb.org/54279
http://secunia.com/advisories/35018
http://secunia.com/advisories/35021
http://secunia.com/advisories/35027
http://secunia.com/advisories/35038
http://secunia.com/advisories/35685
http://secunia.com/advisories/35914
http://secunia.com/advisories/36005
http://secunia.com/advisories/36145
http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
http://www.debian.org/security/2009/dsa-1798
http://www.mozilla.org/security/announce/2009/mfsa2009-36.html
http://www.ocert.org/advisories/ocert-2009-001.html
http://www.openwall.com/lists/oss-security/2009/05/07/1
http://www.redhat.com/support/errata/RHSA-2009-0476.html
http://www.securityfocus.com/archive/1/503349/100/0/threaded
http://www.securityfocus.com/bid/34870
http://www.securityfocus.com/bid/35758
http://www.securitytracker.com/id?1022196
http://www.ubuntu.com/usn/USN-773-1
http://www.vupen.com/english/advisories/2009/1269
http://www.vupen.com/english/advisories/2009/1972
https://bugzilla.mozilla.org/show_bug.cgi?id=480134
https://bugzilla.redhat.com/show_bug.cgi?id=496887
https://exchange.xforce.ibmcloud.com/vulnerabilities/50397
https://launchpad.net/bugs/cve/2009-1194
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10137
http://github.com/bratsche/pango/commit/4de30e5500eaeb49f4bf0b7a07f718e149a2ed5e
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00002.html
http://osvdb.org/54279
http://secunia.com/advisories/35018
http://secunia.com/advisories/35021
http://secunia.com/advisories/35027
http://secunia.com/advisories/35038
http://secunia.com/advisories/35685
http://secunia.com/advisories/35914
http://secunia.com/advisories/36005
http://secunia.com/advisories/36145
http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
http://www.debian.org/security/2009/dsa-1798
http://www.mozilla.org/security/announce/2009/mfsa2009-36.html
http://www.ocert.org/advisories/ocert-2009-001.html
http://www.openwall.com/lists/oss-security/2009/05/07/1
http://www.redhat.com/support/errata/RHSA-2009-0476.html
http://www.securityfocus.com/archive/1/503349/100/0/threaded
http://www.securityfocus.com/bid/34870
http://www.securityfocus.com/bid/35758
http://www.securitytracker.com/id?1022196
http://www.ubuntu.com/usn/USN-773-1
http://www.vupen.com/english/advisories/2009/1269
http://www.vupen.com/english/advisories/2009/1972
https://bugzilla.mozilla.org/show_bug.cgi?id=480134
https://bugzilla.redhat.com/show_bug.cgi?id=496887
https://exchange.xforce.ibmcloud.com/vulnerabilities/50397
https://launchpad.net/bugs/cve/2009-1194
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10137
CVSS v2.0
Source Entity
[email protected]
Severity
MEDIUM
6.8
Access Vector
N/A
Authentication
N/A
RAW VECTOR
AV:N/AC:M/Au:N/C:P/I:P/A:P
Associated Attack Patterns (CAPEC)
Total: PatternsNo specific attack patterns mapped.
Likelihood
Severity
Page /
CVE-2009-1194 Exploits & PoCs (Proof Of Concept)
No public PoCs found in our database for this CVE.
MODIFIED
Vulnerability data or affected products updated.
PUBLISHED
Vulnerability first announced in NVD.
Attack Vector Matrix
Access Vector
N/A
Complexity
N/A
Privileges
N/A
Interaction
NONE
CVSS Vector String
AV:N/AC:M/Au:N/C:P/I:P/A:P
Affected Stack
No specific products linked.