Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
CairographicsCairo

10 matches found

CVE
CVEadded 2021/03/18 7:15 p.m.425 views

CVE-2020-35492

A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted...

7.8CVSS7.5AI score0.00093EPSS
CVE
CVEadded 2017/07/17 1:18 p.m.151 views

CVE-2017-9814

cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call.

7.5CVSS7.1AI score0.00169EPSS
CVE
CVEadded 2019/01/16 6:29 p.m.114 views

CVE-2019-6462

An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized.

6.5CVSS6.3AI score0.00052EPSS
CVE
CVEadded 2018/12/05 8:29 p.m.83 views

CVE-2018-19876

cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c, would free memory using a free function incompatible with WebKit's fastMalloc, leading to an application crash with a "free(): invalid pointer" error.

6.5CVSS6.4AI score0.00303EPSS
CVE
CVEadded 2019/01/16 6:29 p.m.83 views

CVE-2019-6461

An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c.

6.5CVSS6.4AI score0.00154EPSS
CVE
CVEadded 2017/05/19 8:29 p.m.72 views

CVE-2017-7475

Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.

5.5CVSS5.4AI score0.00344EPSS
CVE
CVEadded 2017/02/03 3:59 p.m.65 views

CVE-2016-9082

Integer overflow in the write_png function in cairo 1.14.6 allows remote attackers to cause a denial of service (invalid pointer dereference) via a large svg file.

5.5CVSS5.4AI score0.00429EPSS
CVE
CVEadded 2016/04/21 2:59 p.m.54 views

CVE-2016-3190

The fill_xrgb32_lerp_opaque_spans function in cairo-image-compositor.c in cairo before 1.14.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a negative span length.

7.5CVSS7.2AI score0.0066EPSS
CVE
CVEadded 2018/10/08 6:29 p.m.53 views

CVE-2018-18064

cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c (the generate and render_rows functions) and cairo-image-compositor.c (the _cairo_image_spans_and_zero function).

6.5CVSS6.7AI score0.00507EPSS
CVE
CVEadded 2014/07/29 2:55 p.m.28 views

CVE-2014-5116

The cairo_image_surface_get_data function in Cairo 1.10.2, as used in GTK+ and Wireshark, allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a large string.

5CVSS6.6AI score0.06256EPSS