Lucene search

44 matches found

Debian CVE
added 2026/03/13 7:38 p.m. | 2 views

CVE-2026-31899

CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to Kozea/CairoSVG has exponential denial of service via recursive element amplification in cairosvg/defs.py. This causes CPU exhaustion from a small input...

CVSS 7.5 | AI score 5.2 | EPSS 0.0049
Exploits: 2
OSV
added 2025/08/14 2:35 p.m. | 4 views

SUSE-SU-2025:02795-1 Security update for cairo

This update for cairo fixes the following issues: - CVE-2019-6462: Fixed a potentially infinite loop bsc1122321...

CVSS 6.5 | AI score 5.8 | EPSS 0.02142
Exploits: 0 | References: 3
SUSE CVE
added 2023/03/22 4:8 a.m. | 2 views

SUSE CVE-2023-27586

CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to version 2.7.0, Cairo can send requests to external hosts when processing SVG files. A malicious actor could send a specially crafted SVG file that allows them to perform a server-side request forgery or denial of service...

CVSS 9.9 | AI score 6.9 | EPSS 0.00722
Exploits: 0 | References: 5
BDU FSTEC
added 2022/11/10 12:0 a.m. | 1 views

The vulnerability of the find_name() function in the Cairo graphics library allows a hacker to trigger a service failure.

The vulnerability of the find_name function in the Cairo graphics library is related to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a remote attacker to cause a service failure...

CVSS 5.9 | AI score 5.8
Exploits: 0 | References: 2 | Affected Software: 1
OpenVAS
added 2021/11/11 12:0 a.m. | 22 views

Mozilla Firefox Security Advisory (MFSA2014-41) - Linux

This host is missing a security update for Mozilla Firefox.

CVSS 10 | AI score 9.6 | EPSS 0.0555
Exploits: 0 | References: 3
OpenVAS
added 2021/11/11 12:0 a.m. | 17 views

Mozilla Firefox Security Advisory (MFSA2015-22) - Linux

This host is missing a security update for Mozilla Firefox.

CVSS 5 | AI score 9.5 | EPSS 0.03656
Exploits: 0 | References: 3
BDU FSTEC
added 2021/09/10 12:0 a.m. | 2 views

The vulnerability of the Cairo graphic library in the Mozilla Firefox browser allows a hacker to execute arbitrary code or cause a denial-of-service attack.

The vulnerability of the Cairo graphic library in the Mozilla Firefox browser is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a service failure through a specially created malicious web page...

CVSS 7.6 | AI score 8.1 | EPSS 0.01046
Exploits: 1 | References: 8 | Affected Software: 3
OpenVAS
added 2021/06/09 12:0 a.m. | 17 views

SUSE: Security Advisory (SUSE-SU-2013:0843-1)

The remote host is missing an update for the...

CVSS 10 | AI score 6.7 | EPSS 0.07805
Exploits: 1 | References: 2
OSV
added 2020/03/16 10:15 p.m. | 3 views

DEBIAN-CVE-2019-20326

A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg in extensions/cairo_io/cairo-image-surface-jpeg.c in GNOME gThumb before 3.8.3 and Linux Mint Pix before 2.4.5 allows attackers to cause a crash and potentially execute arbitrary code via a crafted JPEG file...

CVSS 7.8 | AI score 8.1 | EPSS 0.02149
Exploits: 2 | References: 1
OSV
added 2019/01/16 6:29 p.m. | 2 views

ALPINE-CVE-2019-6462

An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized...

CVSS 6.5 | AI score 7 | EPSS 0.02142
Exploits: 0 | References: 1
Fedora
added 2018/12/10 2:32 a.m. | 26 views

[SECURITY] Fedora 29 Update: cairo-1.16.0-3.fc29

Cairo is a 2D graphics library designed to provide high-quality display and print output. Currently supported output targets include the X Window System, in-memory image buffers, and image files (PDF, PostScript, and SVG). Cairo is designed to produce consistent output on all output media while...

CVSS 6.5 | AI score 1.3 | EPSS 0.01714
Exploits: 0
OSV
added 2018/12/05 8:29 p.m. | 2 views

DEBIAN-CVE-2018-19876

cairo 1.16.0, in cairo_ft_apply_variations in cairo-ft-font.c, would free memory using a free function incompatible with WebKit's fastMalloc, leading to an application crash with a "free: invalid pointer" error...

CVSS 6.5 | AI score 6.8 | EPSS 0.01714
Exploits: 0 | References: 1
CNVD
added 2017/05/23 12:0 a.m. | 1 views

Cairo denial of service vulnerability

Cairo is a cross-platform open source vector graphics library developed by software developers Carl Worth and Behdad Esfahbod, which supports doing 2D drawings in multiple contexts and provides high-quality display and printouts. A denial of service vulnerability exists in Cairo version 1.15.4. A...

CVSS 5.5 | AI score 6.8 | EPSS 0.01839
Exploits: 0 | References: 1
OSV
added 2017/05/19 8:29 p.m. | 2 views

DEBIAN-CVE-2017-7475

Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash...

CVSS 5.5 | AI score 6.9 | EPSS 0.01839
Exploits: 0 | References: 1
OSV
added 2017/02/03 3:59 p.m. | 3 views

UBUNTU-CVE-2016-9082

Integer overflow in the write_png function in cairo 1.14.6 allows remote attackers to cause a denial of service (invalid pointer dereference) via a large svg file...

CVSS 5.5 | AI score 6.5 | EPSS 0.01995
Exploits: 0 | References: 4
CNVD
added 2016/11/02 12:0 a.m. | 20 views

Cairo 'cairo-png.c' Integer Overflow Vulnerability

Cairo is a cross-platform open source vector graphics library that supports 2D drawing in multiple contexts and provides high-quality display and printout. An integer overflow vulnerability exists in Cairo 'cairo-png.c'. An attacker may exploit this issue to crash the affected applicatio...

CVSS 5.5 | AI score 7.1 | EPSS 0.01995
Exploits: 0 | References: 1
Mozilla
added 2016/08/02 12:0 a.m. | 42 views

Cairo rendering crash due to memory allocation issue with FFmpeg 0.10 — Mozilla

Security researcher Bert Massop reported a crash in the Cairo graphics layer on Linux systems using the LibAV library included in version 0.10 of the FFmpeg library. This was due to an error when allocating the LibAV header when decoding some videos...

CVSS 6.5 | AI score 7.6 | EPSS 0.01797
Exploits: 0 | References: 2 | Affected Software: 2
Mozilla
added 2015/09/22 12:0 a.m. | 31 views

Out-of-bounds read during 2D canvas display on Linux 16-bit color depth systems — Mozilla

Security researcher Francisco Alonso of the NowSecure Research Team used the Address Sanitizer tool to discover an out-of-bounds read issue during 2D canvas rendering. This was due to an issue in the cairo graphics library when surfaces are created with 32-bit color depth but displayed on a 16-bi...

CVSS 6.4 | AI score 5.8 | EPSS 0.03493
Exploits: 0 | References: 2 | Affected Software: 2
Tenable Nessus
added 2015/03/24 12:0 a.m. | 35 views

openSUSE Security Update : seamonkey (openSUSE-2015-250)

SeaMonkey was updated to 2.33 bnc917597 - MFSA 2015-11/CVE-2015-0835/CVE-2015-0836 Miscellaneous memory safety hazards - MFSA 2015-12/CVE-2015-0833 bmo945192 Invoking Mozilla updater will load locally stored DLL files Windows only - MFSA 2015-13/CVE-2015-0832 bmo1065909 Appended period to hostnam...

CVSS 7.5 | AI score 7.2 | EPSS 0.06029
Exploits: 0 | References: 19
Tenable Nessus
added 2015/03/17 12:0 a.m. | 36 views

Mozilla Firefox < 36.0 Multiple Vulnerabilities

Binary data 8653.prm...

CVSS 7.5 | AI score 7.4 | EPSS 0.06029
Exploits: 0 | References: 35