Project

General

Profile

Bug #9449

Bug #9448: pango: application crash triggered by unicode chars in pango-emoji.c (CVE-2018-15120)

[3.8] pango: application crash triggered by unicode chars in pango-emoji.c (CVE-2018-15120)

Added by Alicha CH 9 months ago. Updated 8 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Security
Target version:
Start date:
09/21/2018
Due date:
% Done:

100%

Estimated time:
Affected versions:
Security IDs:

Description

A flaw was found in Pango since versions 1.40.8 up to newer. Typing certain invalid Emoji sequences into
a GTK+ application can trigger a Reachable Assertion resulting in an application crash.

Fixed In Version:

pango 1.42.4

References:

https://mail.gnome.org/archives/distributor-list/2018-August/msg00001.html
https://nvd.nist.gov/vuln/detail/CVE-2018-15120

Patch:

https://gitlab.gnome.org/GNOME/pango/commit/71aaeaf020340412b8d012fe23a556c0420eda5f

Associated revisions

Revision 684888b0 (diff)
Added by Leonardo Arena 8 months ago

main/pango: security fix (CVE-2018-15120)

Fixes #9449

History

#1 Updated by Anonymous 8 months ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#2 Updated by Alicha CH 8 months ago

  • Project changed from Alpine Security to Alpine Linux
  • Category set to Security
  • Status changed from Resolved to Closed
  • Security IDs deleted (CVE-2018-15120)

Also available in: Atom PDF