Project

General

Profile

Bug #9448

pango: application crash triggered by unicode chars in pango-emoji.c (CVE-2018-15120)

Added by Alicha CH 8 months ago. Updated 7 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Security
Target version:
-
Start date:
09/21/2018
Due date:
% Done:

100%

Estimated time:
(Total: 0.00 h)
Affected versions:
Security IDs:

Description

A flaw was found in Pango since versions 1.40.8 up to newer. Typing certain invalid Emoji sequences into
a GTK+ application can trigger a Reachable Assertion resulting in an application crash.

Fixed In Version:

pango 1.42.4

References:

https://mail.gnome.org/archives/distributor-list/2018-August/msg00001.html
https://nvd.nist.gov/vuln/detail/CVE-2018-15120

Patch:

https://gitlab.gnome.org/GNOME/pango/commit/71aaeaf020340412b8d012fe23a556c0420eda5f


Subtasks

Bug #9449: [3.8] pango: application crash triggered by unicode chars in pango-emoji.c (CVE-2018-15120)ClosedNatanael Copa

Bug #9450: [3.7] pango: application crash triggered by unicode chars in pango-emoji.c (CVE-2018-15120)ClosedNatanael Copa

History

#1 Updated by Leonardo Arena 7 months ago

  • Status changed from New to Resolved

#2 Updated by Alicha CH 7 months ago

  • Project changed from Alpine Security to Alpine Linux
  • Category set to Security
  • Status changed from Resolved to Closed
  • Security IDs deleted (CVE-2018-15120)

Also available in: Atom PDF