[3.8] pango: application crash triggered by unicode chars in pango-emoji.c (CVE-2018-15120)
A flaw was found in Pango versions 1.40.8 and newer. Typing certain invalid emoji sequences into a GTK+ application can trigger a reachable assertion, resulting in an application crash.
Fixed In Version:
pango 1.42.4
References:
https://mail.gnome.org/archives/distributor-list/2018-August/msg00001.html
https://nvd.nist.gov/vuln/detail/CVE-2018-15120
Patch:
https://gitlab.gnome.org/GNOME/pango/commit/71aaeaf020340412b8d012fe23a556c0420eda5f
(from redmine: issue id 9449, created on 2018-09-21, closed on 2018-11-08)
- Relations:
  - parent #9448 (closed)
- Changesets:
  - Revision 684888b0 on 2018-11-06T15:48:39Z:
    main/pango: security fix (CVE-2018-15120)
    Fixes #9449