Pango: Denial of Service — GLSA 201811-07

A vulnerability in Pango could result in a Denial of Service condition.

Affected Packages

x11-libs/pango on all architectures
Affected versions < 1.42.4
Unaffected versions >= 1.42.4

Background

Library for layout and rendering of internationalized text.

Description

Processing certain invalid Emoji sequences in a GTK+ application can trigger a reachable assertion resulting in an application crash.

Impact

A remote attacker could provide specially crafted Emoji sequences, possibly resulting in a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All Pango users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=x11-libs/pango-1.42.4"
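
To confirm whether a host still falls in the affected range before or after the upgrade, the following added example (not part of the advisory or of Portage) classifies a version string against the 1.42.4 boundary stated above. The function names and the sample atoms are hypothetical and constructed for illustration.

```shell
# Added example: classify an x11-libs/pango version against the advisory's
# boundary (affected < 1.42.4, unaffected >= 1.42.4).
FIXED_VERSION="1.42.4"   # first unaffected version, taken from the advisory

# Reduce "x11-libs/pango-1.42.4-r2" or "1.42.4_rc1" to "1.42.4".
pango_base_version() {
    v="${1##*pango-}"      # drop category/name prefix if present
    v="${v%%-r[0-9]*}"     # drop Gentoo revision (-rN)
    v="${v%%_*}"           # drop suffix such as _rc1 or _p2
    printf '%s\n' "$v"
}

# Return 0 if dotted numeric version $1 is strictly lower than $2.
version_lt() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        x="${a%%.*}"; y="${b%%.*}"
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
    done
    return 1
}

# Return 0 = affected, 1 = unaffected, 2 = version could not be parsed.
pango_is_affected() {
    base="$(pango_base_version "$1")"
    case "$base" in ''|*[!0-9.]*) return 2 ;; esac
    version_lt "$base" "$FIXED_VERSION" && return 0
    # A pre-release of the fixed version sorts below the fixed version.
    if [ "$base" = "$FIXED_VERSION" ]; then
        case "$1" in *_alpha*|*_beta*|*_pre*|*_rc*) return 0 ;; esac
    fi
    return 1
}

# Constructed sample atoms (not taken from a real host).
for atom in x11-libs/pango-1.40.14 x11-libs/pango-1.42.4-r2; do
    rc=0; pango_is_affected "$atom" || rc=$?
    case "$rc" in
        0) echo "$atom: affected, upgrade required" ;;
        1) echo "$atom: not affected" ;;
        *) echo "$atom: version not parseable" ;;
    esac
done
```

On a Gentoo host, assuming portage-utils is installed, the installed atom can be obtained with `qlist -Iv x11-libs/pango` and passed to `pango_is_affected`.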
 

References

Release Date
November 10, 2018

Latest Revision
November 10, 2018: 1

Severity
normal

Exploitable
remote

Bugzilla entries