79 matches found
OPENSUSE-SU-2026:20697-1 Security update for cairo
This update for cairo fixes the following issue: - CVE-2025-50422: Poppler crash on malformed input (bsc#1247589)...
CVE-2022-31153
OpenZeppelin Contracts for Cairo is a library for contract development written in Cairo for StarkNet, a decentralized ZK Rollup. Version 0.2.0 is vulnerable to an error that renders account contracts unusable on live networks. This issue affects all accounts (vanilla and ethereum flavors) in the...
JLSEC-2025-13 cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted documen...
cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c (the generate and render_rows functions) and cairo-image-compositor.c (the _cairo_image_spans_and_zero function)...
EUVD-2015-4532
Malware in sbrugna...
EUVD-2021-16431
Malware in sbrugna...
EUVD-2023-0188
Malicious code in bioql PyPI...
EUVD-2022-0403
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-27586
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to version 2.7.0, Cairo can send requests to external hosts when processing SVG files....
Linux Distros Unpatched Vulnerability : CVE-2021-29972
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use-after-free vulnerability was found via testing, and traced to an out-of-date Cairo library. Updating the library resolved the issue, and may have remediat...
AZL-67719 CVE-2025-50422 affecting package cairo 1.17.4-3
Cairo through 1.18.4, as used in Poppler through 25.08.0, has an "unscaled->face == NULL" assertion failure for _cairo_ft_unscaled_font_fini in cairo-ft-font.c...
CVE-2021-29972
A use-after-free vulnerability was found via testing, and traced to an out-of-date Cairo library. Updating the library resolved the issue, and may have remediated other, unknown security vulnerabilities as well. This vulnerability affects Firefox 90...
Advisory ROSA-SA-2025-2780
Software: pixman 0.38.4 OS: ROSA Virtualization 2.1 packageevrstring: pixman-0.38.4-4.rv3 CVE-ID: CVE-2020-35492 BDU-ID: 2021-03445 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the image-compositor.c component of the Cairo vector graphics library is related to a data stack buffer overflow...
OSV-2025-202 UNKNOWN READ in _blit_xrgb32_lerp_spans
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=402836107 Crash type: UNKNOWN READ Crash state: _blit_xrgb32_lerp_spans _cairo_rectangular_scan_converter_generate composite_boxes...
Linux Distros Unpatched Vulnerability : CVE-2017-9814
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an...
SUSE CVE-2006-0528
The cairo library (libcairo), as used in GNOME Evolution and possibly other products, allows remote attackers to cause a denial of service (persistent client crash) via an attached text file that contains "Content-Disposition: inline" in the header, and a very long line in the body, which causes the...
SUSE CVE-2015-0824
The mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 36.0 allows remote attackers to cause a denial of service (out-of-bounds write of zero values, and application crash) via vectors that trigger use of DrawTarget and the Cairo library for image drawing...
SUSE CVE-2017-9814
cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call...
SUSE CVE-2018-19876
cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c, would free memory using a free function incompatible with WebKit's fastMalloc, leading to an application crash with a "free(): invalid pointer" error...
SUSE CVE-2019-6462
An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized...
SUSE CVE-2021-29972
A use-after-free vulnerability was found via testing, and traced to an out-of-date Cairo library. Updating the library resolved the issue, and may have remediated other, unknown security vulnerabilities as well. This vulnerability affects Firefox 90...