79 matches found
CVE-2023-23940 OpenZeppelin Contracts for Cairo is vulnerable to signature validation bypass
OpenZeppelin Contracts for Cairo is a library for secure smart contract development written in Cairo for StarkNet, a decentralized ZK Rollup. is_valid_eth_signature is missing a call to finalize_keccak after calling verify_eth_signature. As a result, any contract using is_valid_eth_signature from the...
USN-5407-1 cairo vulnerabilities
Gustavo Grieco, Alberto Garcia, Francisco Oca, Suleman Ali, and others discovered that Cairo incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2016-9082, CVE-2017-9814, CVE-2019-6462) Stephan Bergmann discovered that Cairo incorrectly...
ALSA-2022:1961 Moderate: cairo and pixman security and bug fix update
Cairo is a 2D graphics library designed to provide high-quality display and print output. Pixman is a pixel manipulation library for the X Window System and Cairo. Security Fixes: cairo: libreoffice slideshow aborts with stack smashing in cairo's composite_boxes (CVE-2020-35492) For more details abo...
Mozilla Firefox Security Advisory (MFSA2013-31) - Linux
This host is missing a security update for Mozilla Firefox. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
Mozilla Firefox Security Advisory (MFSA2021-28) - Linux
The remote host is missing an update for Mozilla Firefox, announced via the advisory MFSA2021-28. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...
CVE-2021-29972
A use-after-free vulnerability was found via testing, and traced to an out-of-date Cairo library. Updating the library resolved the issue, and may have remediated other, unknown security vulnerabilities as well. This vulnerability affects Firefox 90...
Design/Logic Flaw
A use-after-free vulnerability was found via testing, and traced to an out-of-date Cairo library. Updating the library resolved the issue, and may have remediated other, unknown security vulnerabilities as well. This vulnerability affects Firefox 90...
CVE-2021-29972
CVE-2021-29972 is a use-after-free vulnerability linked to an out-of-date Cairo library affecting Mozilla Firefox versions earlier than 90. The issue was identified via testing and updating Cairo (and/or Firefox to a newer Firefox 90+ version) was reported to resolve the vulnerability and may als...
Mozilla Firefox Resource Management Error Vulnerability (CNVD-2021-90105)
Mozilla Firefox is an open source Web browser from the Mozilla Foundation, U.S. Mozilla Firefox is vulnerable to a resource management error that stems from a use-after-free in the outdated Cairo library. An attacker could exploit the vulnerability to create a specially crafted web page...
UBUNTU-CVE-2021-29972
A use-after-free vulnerability was found via testing, and traced to an out-of-date Cairo library. Updating the library resolved the issue, and may have remediated other, unknown security vulnerabilities as well. This vulnerability affects Firefox 90...
Security Vulnerabilities fixed in Firefox 90 — Mozilla
A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. This bug only affected Firefox when accessibility was enabled. If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespecti...
Mozilla Firefox Resource Management Error Vulnerability
Mozilla Firefox is an open source Web browser from the Mozilla Foundation, U.S. Mozilla Firefox is vulnerable to a resource management error that stems from a use-after-free in the outdated Cairo library. An attacker could exploit the vulnerability to create a specially crafted web page...
Out-of-bounds Write
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
Arbitrary Code Execution
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
Cross-Site Scripting (XSS)
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
DEBIAN-CVE-2019-6462
An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized...
UBUNTU-CVE-2019-6462
An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized...
ALPINE-CVE-2018-19876
cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c, would free memory using a free function incompatible with WebKit's fastMalloc, leading to an application crash with a "free(): invalid pointer" error...
cairo Denial of Service Vulnerability (CNVD-2018-20468)
cairo is a cross-platform open source vector graphics library developed by software developers Carl Worth and Behdad Esfahbod, which supports 2D drawing in multiple contexts and provides high-quality display and printouts. A security vulnerability exists in cairo 1.15.14 and earlier versions. An...