November 16, 2009

Mandriva Linux Security Advisory 2009:158-1: pango

Integer overflow in the pango_glyph_string_set_size function in
pango/glyphstring.c in Pango before 1.24 allows context-dependent
attackers to cause a denial of service (application crash) or possibly
execute arbitrary code via a long glyph string that triggers a
heap-based buffer overflow.

This update corrects the issue.

Update:

pango for CS4 broke applications like MandrivaUpdate, mcc and so
on. This update corrects this problem...

Read More

Click Here!