Cairographics » Cairo : Security Vulnerabilities, CVEs, (Denial of service)
cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call.
Max CVSS
7.5
EPSS Score
0.53%
Published
2017-07-17
Updated
2021-03-04
Integer overflow in the write_png function in cairo 1.14.6 allows remote attackers to cause a denial of service (invalid pointer dereference) via a large svg file.
Max CVSS
5.5
EPSS Score
0.63%
Published
2017-02-03
Updated
2019-04-02
The fill_xrgb32_lerp_opaque_spans function in cairo-image-compositor.c in cairo before 1.14.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a negative span length.
Max CVSS
7.5
EPSS Score
0.98%
Published
2016-04-21
Updated
2018-10-30
The cairo_image_surface_get_data function in Cairo 1.10.2, as used in GTK+ and Wireshark, allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a large string.
Max CVSS
5.0
EPSS Score
0.81%
Published
2014-07-29
Updated
2014-07-30
4 vulnerabilities found