10 matches found
CVE-2020-35492
CVE-2020-35492 affects cairo’s image-compositor.c in all versions before 1.17.4. A crafted input file can cause a stack buffer overflow (out-of-bounds write), with impact on confidentiality, integrity, and availability. Root cause: unchecked memory/write in image-compositor when processing untrus...
CVE-2017-9814
CVE-2017-9814 affects cairo prior to 1.15.6 (cairo-truetype-subset.c). The vulnerability arises from mishandling of an unexpected malloc(0) call, enabling a remote attacker to trigger an out-of-bounds read and cause a denial of service. Affected component: cairo’s truetype subset path; affected v...
CVE-2016-3190
CVE-2016-3190 affects the cairo graphics library. The vulnerability is in fill_xrgb32_lerp_opaque_spans (cairo-image-compositor.c) and allows remote attackers to trigger a denial of service via an out-of-bounds read when a negative span length is provided. Affected versions are cairo before 1.14....
CVE-2019-6462
CVE-2019-6462 affects cairo 1.16.0 with an infinite loop in _arc_error_normalized (cairo-arc.c) related to _arc_max_angle_for_tolerance_normalized. Connected advisories (Astra Linux, Debian, Alpine, Mageia, Gentoo GLSA, etc.) document the same issue; multiple vendors list Cairo as vulnerable and ...
CVE-2019-6461
CVE-2019-6461 affects Cairo 1.16.0, with an assertion issue in _cairo_arc_in_direction() inside cairo-arc.c. The connected sources validate the root cause as an assertion failure when drawing arcs with NaN angles, and the affected component is Cairo’s 2D vector graphics library. The advisory cont...
CVE-2018-19876
CVE-2018-19876 affects cairo 1.16.0 via cairo_ft_apply_variations() in cairo-ft-font.c, where memory is freed with an allocator incompatible with WebKit’s fastMalloc, causing a crash or memory corruption. Arch Linux ASA-201902-19 notes an upgrade to 1.16.0-2 to fix arbitrary code execution; upstr...
CVE-2017-7475
CVE-2017-7475 affects Cairo 1.15.4, where a NULL pointer dereference in the FT_Load_Glyph and FT_Render_Glyph paths can crash applications. Public sources in connected documents confirm the vulnerability as a NULL pointer dereference in Cairo’s font rendering pipeline, leading to an application c...
CVE-2016-9082
CVE-2016-9082 affects the Cairo graphics library, specifically the write_png function in Cairo 1.14.6. An integer overflow can be triggered by a large SVG file, leading to a denial of service via an invalid pointer dereference. The provided sources confirm the vulnerability exists in Cairo 1.14.6...
CVE-2018-18064
CVE-2018-18064 affects Cairo up to version 1.15.14, with an out-of-bounds stack-memory write when processing a crafted document via WebKitGTK+. Root cause (per connected OSV entry): the interaction between cairo-rectangular-scan-converter.c (the generate and render_rows functions) and cairo-image...
CVE-2014-5116
CVE-2014-5116 concerns the cairo_image_surface_get_data function in Cairo 1.10.2 (used in GTK+ and Wireshark), where a context-dependent attacker could trigger a denial of service via a NULL pointer dereference when handling a large string. The available connected documents corroborate the vulner...