Lucene search
K
CairographicsCairo

10 matches found

CVE
CVE
added 2021/03/18 6:59 p.m.448 views

CVE-2020-35492

CVE-2020-35492 affects cairo’s image-compositor.c in all versions before 1.17.4. A crafted input file can cause a stack buffer overflow (out-of-bounds write), with impact on confidentiality, integrity, and availability. Root cause: unchecked memory/write in image-compositor when processing untrus...

7.8CVSS7.5AI score0.01112EPSS
CVE
CVE
added 2017/07/14 5:0 a.m.234 views

CVE-2017-9814

CVE-2017-9814 affects cairo prior to 1.15.6 (cairo-truetype-subset.c). The vulnerability arises from mishandling of an unexpected malloc(0) call, enabling a remote attacker to trigger an out-of-bounds read and cause a denial of service. Affected component: cairo’s truetype subset path; affected v...

7.5CVSS7.1AI score0.03463EPSS
CVE
CVE
added 2016/04/21 2:0 p.m.215 views

CVE-2016-3190

CVE-2016-3190 affects the cairo graphics library. The vulnerability is in fill_xrgb32_lerp_opaque_spans (cairo-image-compositor.c) and allows remote attackers to trigger a denial of service via an out-of-bounds read when a negative span length is provided. Affected versions are cairo before 1.14....

7.5CVSS7.2AI score0.01805EPSS
CVE
CVE
added 2019/01/16 6:0 p.m.136 views

CVE-2019-6462

CVE-2019-6462 affects cairo 1.16.0 with an infinite loop in _arc_error_normalized (cairo-arc.c) related to _arc_max_angle_for_tolerance_normalized. Connected advisories (Astra Linux, Debian, Alpine, Mageia, Gentoo GLSA, etc.) document the same issue; multiple vendors list Cairo as vulnerable and ...

6.5CVSS6.3AI score0.02142EPSS
CVE
CVE
added 2019/01/16 6:0 p.m.107 views

CVE-2019-6461

CVE-2019-6461 affects Cairo 1.16.0, with an assertion issue in _cairo_arc_in_direction() inside cairo-arc.c. The connected sources validate the root cause as an assertion failure when drawing arcs with NaN angles, and the affected component is Cairo’s 2D vector graphics library. The advisory cont...

6.5CVSS6.4AI score0.02117EPSS
CVE
CVE
added 2018/12/05 8:0 p.m.103 views

CVE-2018-19876

CVE-2018-19876 affects cairo 1.16.0 via cairo_ft_apply_variations() in cairo-ft-font.c, where memory is freed with an allocator incompatible with WebKit’s fastMalloc, causing a crash or memory corruption. Arch Linux ASA-201902-19 notes an upgrade to 1.16.0-2 to fix arbitrary code execution; upstr...

6.5CVSS6.4AI score0.01714EPSS
CVE
CVE
added 2017/05/19 8:0 p.m.96 views

CVE-2017-7475

CVE-2017-7475 affects Cairo 1.15.4, where a NULL pointer dereference in the FT_Load_Glyph and FT_Render_Glyph paths can crash applications. Public sources in connected documents confirm the vulnerability as a NULL pointer dereference in Cairo’s font rendering pipeline, leading to an application c...

5.5CVSS5.4AI score0.01839EPSS
CVE
CVE
added 2017/02/03 3:0 p.m.84 views

CVE-2016-9082

CVE-2016-9082 affects the Cairo graphics library, specifically the write_png function in Cairo 1.14.6. An integer overflow can be triggered by a large SVG file, leading to a denial of service via an invalid pointer dereference. The provided sources confirm the vulnerability exists in Cairo 1.14.6...

5.5CVSS5.4AI score0.01995EPSS
CVE
CVE
added 2018/10/08 6:0 p.m.72 views

CVE-2018-18064

CVE-2018-18064 affects Cairo up to version 1.15.14, with an out-of-bounds stack-memory write when processing a crafted document via WebKitGTK+. Root cause (per connected OSV entry): the interaction between cairo-rectangular-scan-converter.c (the generate and render_rows functions) and cairo-image...

6.5CVSS6.7AI score0.0148EPSS
CVE
CVE
added 2014/07/29 2:0 p.m.38 views

CVE-2014-5116

CVE-2014-5116 concerns the cairo_image_surface_get_data function in Cairo 1.10.2 (used in GTK+ and Wireshark), where a context-dependent attacker could trigger a denial of service via a NULL pointer dereference when handling a large string. The available connected documents corroborate the vulner...

5CVSS6.6AI score0.07784EPSS