A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example by convincing a user to open a file in an application using cairo or if an application uses cairo on untrusted input) to cause a stack buffer overflow -> out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality integrity as well as system availability.

🗓️ 30 Mar 2021 07:00:00Reported by MicrosoftType

Cairo image-compositor flaw before 1.17.4 allows crafted input to cause a stack overflow, risking confidentiality, integrity, and availability.

Reporter	Title	Published	Views	Family All 105
IBM Security Bulletins	Security Bulletin: IBM Watson Machine Learning Accelerator for IBM Cloud Pak for Data is affected by multiple vulnerabilities.	19 Feb 202617:06	–	ibm
ALT Linux	Security fix for the ALT Linux 10 package libcairo version 1:1.16.0-alt2	6 Jan 202300:00	–	altlinux
Tenable Nessus	Alibaba Cloud Linux 3 : 0202: cairo and pixman (ALINUX3-SA-2022:0202)	14 May 202500:00	–	nessus
Tenable Nessus	AlmaLinux 8 : cairo and pixman (ALSA-2022:1961)	12 May 202200:00	–	nessus
Tenable Nessus	CentOS 8 : cairo and pixman (CESA-2022:1961)	10 May 202200:00	–	nessus
Tenable Nessus	Debian DLA-2518-1 : cairo security update	6 Jan 202100:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP3 : cairo (EulerOS-SA-2021-1769)	30 Apr 202100:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP8 : cairo (EulerOS-SA-2021-1977)	28 Jun 202100:00	–	nessus
Tenable Nessus	EulerOS Virtualization for ARM 64 3.0.6.0 : cairo (EulerOS-SA-2021-2017)	30 Jun 202100:00	–	nessus
Tenable Nessus	EulerOS Virtualization 3.0.6.6 : cairo (EulerOS-SA-2021-2035)	1 Jul 202100:00	–	nessus