Lucene search

127 matches found

AstraLinux
added 2026/05/20 5:53 a.m. | 5 views

Astra Linux - vulnerability in cairo

A flaw was discovered in cairo’s image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo’s image-compositor for example, by convincing a user to open a file in an application that uses cairo, or if an application uses cairo on...

7.8 CVSS | 6.9 AI score | 0.0027 EPSS
Exploits: 0 | References: 1
AstraLinux
added 2026/05/03 11:59 p.m. | 1 view

Astra Linux - vulnerability in xorg-server

A flaw was discovered in the X.Org Server Overlay Window. A use-after-free could lead to local privilege escalation. If a client explicitly destroys the compositor overlay window also known as COW, the Xserver will retain a dangling pointer to that window in the CompScreen structure, which will...

7.8 CVSS | 7.1 AI score | 0.00093 EPSS
Exploits: 0 | References: 2
Cvelist
added 2026/04/29 7:24 p.m. | 21 views

CVE-2018-25305 librsvg2-bin 2.40.13 Buffer Overflow via Malformed SVG

librsvg2-bin 2.40.13 contains a buffer overflow vulnerability that allows local attackers to cause a denial of service by processing malformed SVG files. Attackers can supply crafted SVG input to the rsvg conversion tool to trigger a segmentation fault in the cairo image compositor...

6.9 CVSS | 0.00018 EPSS
Exploits: 0 | References: 2
EUVD
added 2026/04/29 7:24 p.m. | 1 view

EUVD-2018-21826

librsvg2-bin 2.40.13 contains a buffer overflow vulnerability that allows local attackers to cause a denial of service by processing malformed SVG files. Attackers can supply crafted SVG input to the rsvg conversion tool to trigger a segmentation fault in the cairo image compositor...

6.9 CVSS | 5.7 AI score | 0.00018 EPSS
Exploits: 0 | References: 2
Positive Technologies
added 2026/04/29 12:00 a.m. | 2 views

PT-2026-35988

librsvg2-bin 2.40.13 contains a buffer overflow vulnerability that allows local attackers to cause a denial of service by processing malformed SVG files. Attackers can supply crafted SVG input to the rsvg conversion tool to trigger a segmentation fault in the cairo image compositor...

6.9 CVSS | 5.6 AI score | 0.00018 EPSS
Exploits: 0 | References: 3
Tenable Nessus
added 2026/04/02 12:00 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-35094

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libinput. An attacker capable of deploying a Lua plugin file in specific system directories can exploit a dangling pointer vulnerability. Th...

5.5 CVSS | 5.7 AI score | 0.00015 EPSS
Exploits: 0 | References: 2
EUVD
added 2026/04/01 3:31 p.m. | 2 views

EUVD-2026-17909

A flaw was found in libinput. An attacker capable of deploying a Lua plugin file in specific system directories can exploit a dangling pointer vulnerability. This occurs when a garbage collection cleanup function is called, leaving a pointer that can then be printed to system logs. This could...

3.3 CVSS | 5.8 AI score | 0.00015 EPSS
Exploits: 0 | References: 4
NVD
added 2026/04/01 2:16 p.m. | 1 view

CVE-2026-35094

A flaw was found in libinput. An attacker capable of deploying a Lua plugin file in specific system directories can exploit a dangling pointer vulnerability. This occurs when a garbage collection cleanup function is called, leaving a pointer that can then be printed to system logs. This could...

5.5 CVSS | 0.00015 EPSS
Exploits: 0 | References: 3
OSV
added 2026/04/01 2:16 p.m. | 1 view

DEBIAN-CVE-2026-35094

A flaw was found in libinput. An attacker capable of deploying a Lua plugin file in specific system directories can exploit a dangling pointer vulnerability. This occurs when a garbage collection cleanup function is called, leaving a pointer that can then be printed to system logs. This could...

5.5 CVSS | 5.3 AI score | 0.00015 EPSS
Exploits: 0 | References: 1
AlpineLinux
added 2026/04/01 1:54 p.m. | 1 view

CVE-2026-35094

A flaw was found in libinput. An attacker capable of deploying a Lua plugin file in specific system directories can exploit a dangling pointer vulnerability. This occurs when a garbage collection cleanup function is called, leaving a pointer that can then be printed to system logs. This could...

5.5 CVSS | 5.8 AI score | 0.00015 EPSS
Exploits: 0
Cvelist
added 2026/04/01 1:54 p.m. | 23 views

CVE-2026-35094 Libinput: libinput: information disclosure via dangling pointer in lua plugin handling

A flaw was found in libinput. An attacker capable of deploying a Lua plugin file in specific system directories can exploit a dangling pointer vulnerability. This occurs when a garbage collection cleanup function is called, leaving a pointer that can then be printed to system logs. This could...

3.3 CVSS | 0.00015 EPSS
Exploits: 0 | References: 3
Debian CVE
added 2026/04/01 1:54 p.m. | 1 view

CVE-2026-35094

A flaw was found in libinput. An attacker capable of deploying a Lua plugin file in specific system directories can exploit a dangling pointer vulnerability. This occurs when a garbage collection cleanup function is called, leaving a pointer that can then be printed to system logs. This could...

5.5 CVSS | 5.3 AI score | 0.00015 EPSS
Exploits: 0
NVD
added 2026/04/01 5:16 a.m. | 0 views

CVE-2026-5290

Use after free in Compositing in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

9.6 CVSS | 0.00044 EPSS
Exploits: 0 | References: 2
Snyk
added 2026/04/01 12:00 a.m. | 3 views

Expired Pointer Dereference

Overview: Affected versions of this package are vulnerable to Expired Pointer Dereference in the Lua plugin handling. An attacker can access sensitive information by deploying a malicious Lua plugin file in specific system directories, which triggers a dangling pointer to be printed to system logs...

6.8 CVSS | 5.9 AI score | 0.00015 EPSS
Exploits: 0 | References: 2
Snyk
added 2026/04/01 12:00 a.m. | 1 view

Arbitrary Code Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection via the luaL_loadfile plugin in configuration directories. An attacker can execute unauthorized code and access sensitive information by placing a specially crafted Lua bytecode file in a system or user...

8.8 CVSS | 6 AI score | 0.0002 EPSS
Exploits: 0 | References: 2
Positive Technologies
added 2026/04/01 12:00 a.m. | 0 views

PT-2026-29525

Name of the Vulnerable Software and Affected Versions: libinput (affected versions not specified). Description: A flaw exists in libinput where an attacker who can deploy a Lua plugin file in specific system directories can exploit a dangling pointer vulnerability. This occurs when a garbage collectio...

8.8 CVSS | 5.8 AI score | 0.0002 EPSS
Exploits: 0 | References: 10
Positive Technologies
added 2026/04/01 12:00 a.m. | 1 view

PT-2026-29524

Name of the Vulnerable Software and Affected Versions: libinput (affected versions not specified). Description: A flaw exists in libinput that allows a local attacker to bypass security restrictions by placing a specially crafted Lua bytecode file in specific system or user configuration directories...

8.8 CVSS | 6.2 AI score | 0.0002 EPSS
Exploits: 0 | References: 13
Tenable Nessus
added 2026/01/20 12:00 a.m. | 3 views

MiracleLinux 4 : firefox-52.7.3-1.0.1.AXS4 (AXSA:2018-2955:04)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2018-2955:04 advisory. firefox: Use-after-free in compositor potentially allows code execution (CVE-2018-5148). Tenable has extracted the preceding description block directly from the...

9.8 CVSS | 8.8 AI score | 0.01596 EPSS
Exploits: 0 | References: 2
Rosalinux
added 2025/12/02 1:21 p.m. | 4 views

Advisory ROSA-SA-2025-3112

Software: cairo 1.15.12; OS: ROSA Virtualization 2.1; packageevrstring: cairo-1.15.12-6.rv3; CVE-ID: CVE-2020-35492; BDU-ID: 2021-03445; CVE-Crit: MEDIUM; CVE-DESC.: A vulnerability in the image-compositor.c component of the Cairo vector graphics library is related to a data stack buffer overflow...

7.8 CVSS | 7.4 AI score | 0.0027 EPSS
Exploits: 0
Rosalinux
added 2025/12/02 1:21 p.m. | 4 views

Advisory ROSA-SA-2025-3111

Software: pixman 0.38.4; OS: ROSA Virtualization 2.1; packageevrstring: pixman-0.38.4-4.rv3; CVE-ID: CVE-2020-35492; BDU-ID: 2021-03445; CVE-Crit: MEDIUM; CVE-DESC.: A vulnerability in the image-compositor.c component of the Cairo vector graphics library is related to a data stack buffer overflow...

7.8 CVSS | 7.4 AI score | 0.0027 EPSS
Exploits: 0