Cairographics : Security Vulnerabilities, CVEs, CVSS score >= 7
A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -> out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability.
Max CVSS
7.8
EPSS Score
0.12%
Published
2021-03-18
Updated
2023-05-03
cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call.
Max CVSS
7.5
EPSS Score
0.53%
Published
2017-07-17
Updated
2021-03-04
The fill_xrgb32_lerp_opaque_spans function in cairo-image-compositor.c in cairo before 1.14.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a negative span length.
Max CVSS
7.5
EPSS Score
0.98%
Published
2016-04-21
Updated
2018-10-30
3 vulnerabilities found