Lucene search
K

130 matches found

Cvelist
Cvelist
added 2021/03/18 6:59 p.m.21 views

CVE-2020-35492

A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untruste...

7.6AI score0.01112EPSS
Exploits0References2
CVE
CVE
added 2021/03/18 6:59 p.m.450 views

CVE-2020-35492

CVE-2020-35492 affects cairo’s image-compositor.c in all versions before 1.17.4. A crafted input file can cause a stack buffer overflow (out-of-bounds write), with impact on confidentiality, integrity, and availability. Root cause: unchecked memory/write in image-compositor when processing untrus...

7.8CVSS7.5AI score0.01112EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2021/03/18 6:59 p.m.26 views

CVE-2020-35492

A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untruste...

7.8CVSS6.7AI score0.01112EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2021/03/18 6:59 p.m.36 views

CVE-2020-35492

A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untruste...

7.8CVSS7.7AI score0.01112EPSS
Exploits0
GitLab Advisory Database
GitLab Advisory Database
added 2021/03/18 12:0 a.m.32 views

Stack-based Buffer Overflow

A flaw was found in cairo's image-compositor.c in all This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input to cause a stack...

7.8CVSS3.9AI score0.01112EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2020/12/28 6:34 p.m.38 views

CVE-2020-35492

A flaw was found in cairo's image-compositor.c. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input to cause a stack buffer...

7.8CVSS7.5AI score0.01112EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2020/12/02 12:0 a.m.4 views

PT-2020-6179 · Cairo +7 · Cairo +7

Name of the Vulnerable Software and Affected Versions: cairo versions prior to 1.17.4 Description: A flaw was found in cairo's image-compositor.c, allowing an attacker who can provide a crafted input file to cause a stack buffer overflow, resulting in an out-of-bounds WRITE. This can lead to...

7.8CVSS6AI score0.07784EPSS
Exploits4References66
OpenVAS
OpenVAS
added 2020/02/18 12:0 a.m.18 views

Fedora: Security Advisory for sway (FEDORA-2020-f49a5b4422)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.28 views

Huawei EulerOS: Security Advisory for ghostscript (EulerOS-SA-2019-1241)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.9AI score0.01561EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/08/12 12:0 a.m.31 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : ghostscript Multiple Vulnerabilities (NS-SA-2019-0054)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has ghostscript packages installed that are affected by multiple vulnerabilities: - It was discovered that the ghostscript PDF14 compositor did not properly handle the copying of a device. An attacker could possibly exploit thi...

7.8CVSS7.9AI score0.43901EPSS
Exploits5References6
Tenable Nessus
Tenable Nessus
added 2019/04/04 12:0 a.m.29 views

EulerOS Virtualization 2.5.3 : ghostscript (EulerOS-SA-2019-1241)

According to the versions of the ghostscript package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - It was discovered that the ghostscript PDF14 compositor did not properly handle the copying of a device. An attacker could...

7.8CVSS8.2AI score0.01561EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2019/01/03 12:0 a.m.42 views

Fedora 28 : webkit2gtk3 (2018-97c58e29e4)

This update addresses the following vulnerabilities : - CVE-2018-4200 Additional fixes : - Do TLS error checking on GTlsConnection::accept-certificate to finish the load earlier in case of errors. - Properly close the connection to the nested wayland compositor in the Web Process. - Avoid paintin...

8.8CVSS7.5AI score0.0873EPSS
Exploits4References2
RedhatCVE
RedhatCVE
added 2018/09/06 5:50 a.m.45 views

CVE-2018-16540

It was discovered that the ghostscript PDF14 compositor did not properly handle the copying of a device. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScrip...

9.3CVSS1.9AI score0.92499EPSS
Exploits4References2
OSV
OSV
added 2018/06/11 9:29 p.m.1 views

DEBIAN-CVE-2018-5148

A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR 52.7.3 and Firefox 59.0.2...

9.8CVSS9.1AI score0.03013EPSS
Exploits0References1
Prion
Prion
added 2018/06/11 9:29 p.m.19 views

Design/Logic Flaw

A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR 52.7.3 and Firefox 59.0.2...

7.5CVSS9AI score0.03013EPSS
Exploits0References9Affected Software8
Debian CVE
Debian CVE
added 2018/06/11 9:0 p.m.26 views

CVE-2018-5148

A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR 52.7.3 and Firefox 59.0.2...

9.8CVSS9.9AI score0.03013EPSS
Exploits0
Cent OS
Cent OS
added 2018/05/30 6:22 p.m.76 views

firefox security update

CentOS Errata and Security Advisory CESA-2018:1099 An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

9.8CVSS7.6AI score0.03013EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2018/05/16 12:0 a.m.42 views

Fedora 27 : webkitgtk4 (2018-93ba62d099)

This update addresses the following vulnerabilities : - CVE-2018-4200 Additional fixes : - Do TLS error checking on GTlsConnection::accept-certificate to finish the load earlier in case of errors. - Properly close the connection to the nested wayland compositor in the Web Process. - Avoid paintin...

8.8CVSS7.5AI score0.0873EPSS
Exploits4References2
Mageia
Mageia
added 2018/04/15 1:33 p.m.53 views

Updated firefox packages fix security vulnerability

Memory safety bugs fixed in Firefox ESR 52.7 CVE-2018-5125. Buffer overflow manipulating SVG animatedPathSegList CVE-2018-5127. Out-of-bounds write with malformed IPC messages CVE-2018-5129. Mismatched RTP payload type can trigger memory corruption CVE-2018-5130. Fetch API improperly returns cach...

9.8CVSS1.4AI score0.08024EPSS
Exploits3References5
RedHat Linux
RedHat Linux
added 2018/04/10 8:32 p.m.6 views

firefox: Use-after-free in compositor potentially allows code execution

A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR 52.7.3 and Firefox 59.0.2...

9.8CVSS7.3AI score0.03013EPSS
Exploits0References5
Rows per page
Query Builder