Home

CVE-2020-35492

Description

A flaw was found in cairos image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairos image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -> out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability.

Risk Information

Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.098

Associated Vulnerability

VulnerabilityOS Platform
(RHSA-2022:1961) cairo and pixman security and bug fix update cairo-debugsource-1.15.12-6.el8.i686.rpmLinux
(RHSA-2022:1961) cairo and pixman security and bug fix update cairo-debugsource-1.15.12-6.el8.x86_64.rpmLinux
(RHSA-2022:1961) cairo and pixman security and bug fix update pixman-debugsource-0.38.4-2.el8.i686.rpmLinux
(RHSA-2022:1961) cairo and pixman security and bug fix update pixman-debugsource-0.38.4-2.el8.x86_64.rpmLinux
cairo and pixman security and bug fix update (RLSA-2022:1961) cairo-1.15.12-6.el8.i686.rpmLinux
cairo and pixman security and bug fix update (RLSA-2022:1961) cairo-1.15.12-6.el8.x86_64.rpmLinux
cairo and pixman security and bug fix update (RLSA-2022:1961) pixman-0.38.4-2.el8.i686.rpmLinux
cairo and pixman security and bug fix update (RLSA-2022:1961) pixman-0.38.4-2.el8.x86_64.rpmLinux
cairo and pixman security and bug fix update (RLSA-2022:1961) cairo-devel-1.15.12-6.el8.i686.rpmLinux
cairo and pixman security and bug fix update (RLSA-2022:1961) cairo-devel-1.15.12-6.el8.x86_64.rpmLinux
cairo and pixman security and bug fix update (RLSA-2022:1961) pixman-devel-0.38.4-2.el8.i686.rpmLinux
cairo and pixman security and bug fix update (RLSA-2022:1961) pixman-devel-0.38.4-2.el8.x86_64.rpmLinux
cairo and pixman security and bug fix update (RLSA-2022:1961) cairo-gobject-1.15.12-6.el8.i686.rpmLinux
cairo and pixman security and bug fix update (RLSA-2022:1961) cairo-gobject-1.15.12-6.el8.x86_64.rpmLinux
cairo and pixman security and bug fix update (RLSA-2022:1961) cairo-gobject-devel-1.15.12-6.el8.i686.rpmLinux
cairo and pixman security and bug fix update (RLSA-2022:1961) cairo-gobject-devel-1.15.12-6.el8.x86_64.rpmLinux
(RHSA-2022:1961) cairo and pixman security and bug fix update cairo-1.15.12-6.el8.i686.rpmLinux
(RHSA-2022:1961) cairo and pixman security and bug fix update cairo-1.15.12-6.el8.x86_64.rpmLinux
(RHSA-2022:1961)Moderate: and pixman security and bug fix update cairo-debuginfo-1.15.12-6.el8.i686.rpmLinux
(RHSA-2022:1961)Moderate: and pixman security and bug fix update cairo-debuginfo-1.15.12-6.el8.x86_64.rpmLinux
(RHSA-2022:1961) cairo and pixman security and bug fix update cairo-devel-1.15.12-6.el8.i686.rpmLinux
(RHSA-2022:1961) cairo and pixman security and bug fix update cairo-devel-1.15.12-6.el8.x86_64.rpmLinux
(RHSA-2022:1961) cairo and pixman security and bug fix update cairo-gobject-1.15.12-6.el8.i686.rpmLinux
(RHSA-2022:1961) cairo and pixman security and bug fix update cairo-gobject-1.15.12-6.el8.x86_64.rpmLinux
(RHSA-2022:1961)Moderate: and pixman security and bug fix update cairo-gobject-debuginfo-1.15.12-6.el8.i686.rpmLinux
(RHSA-2022:1961)Moderate: and pixman security and bug fix update cairo-gobject-debuginfo-1.15.12-6.el8.x86_64.rpmLinux
(RHSA-2022:1961) cairo and pixman security and bug fix update cairo-gobject-devel-1.15.12-6.el8.i686.rpmLinux
(RHSA-2022:1961) cairo and pixman security and bug fix update cairo-gobject-devel-1.15.12-6.el8.x86_64.rpmLinux
(RHSA-2022:1961)Moderate: and pixman security and bug fix update cairo-tools-debuginfo-1.15.12-6.el8.i686.rpmLinux
(RHSA-2022:1961)Moderate: and pixman security and bug fix update cairo-tools-debuginfo-1.15.12-6.el8.x86_64.rpmLinux
(RHSA-2022:1961) cairo and pixman security and bug fix update pixman-0.38.4-2.el8.i686.rpmLinux
(RHSA-2022:1961) cairo and pixman security and bug fix update pixman-0.38.4-2.el8.x86_64.rpmLinux
(RHSA-2022:1961)Moderate: and pixman security and bug fix update pixman-debuginfo-0.38.4-2.el8.i686.rpmLinux
(RHSA-2022:1961)Moderate: and pixman security and bug fix update pixman-debuginfo-0.38.4-2.el8.x86_64.rpmLinux
(RHSA-2022:1961) cairo and pixman security and bug fix update pixman-devel-0.38.4-2.el8.i686.rpmLinux
(RHSA-2022:1961) cairo and pixman security and bug fix update pixman-devel-0.38.4-2.el8.x86_64.rpmLinux
Cairo update (ELSA-2022-1961) cairo-1.15.12-6.el8.i686.rpmLinux
Cairo update (ELSA-2022-1961) cairo-1.15.12-6.el8.x86_64.rpmLinux
Cairo-devel update (ELSA-2022-1961) cairo-devel-1.15.12-6.el8.i686.rpmLinux
Cairo-devel update (ELSA-2022-1961) cairo-devel-1.15.12-6.el8.x86_64.rpmLinux
Cairo-gobject update (ELSA-2022-1961) cairo-gobject-1.15.12-6.el8.i686.rpmLinux
Cairo-gobject update (ELSA-2022-1961) cairo-gobject-1.15.12-6.el8.x86_64.rpmLinux
Cairo-gobject-devel update (ELSA-2022-1961) cairo-gobject-devel-1.15.12-6.el8.i686.rpmLinux
Cairo-gobject-devel update (ELSA-2022-1961) cairo-gobject-devel-1.15.12-6.el8.x86_64.rpmLinux
Pixman update (ELSA-2022-1961) pixman-0.38.4-2.el8.i686.rpmLinux
Pixman update (ELSA-2022-1961) pixman-0.38.4-2.el8.x86_64.rpmLinux
Pixman-devel update (ELSA-2022-1961) pixman-devel-0.38.4-2.el8.i686.rpmLinux
Pixman-devel update (ELSA-2022-1961) pixman-devel-0.38.4-2.el8.x86_64.rpmLinux
Moderate: cairo and pixman security and bug fix update cairo-1.15.12-6.el8.i686.rpmLinux
Moderate: cairo and pixman security and bug fix update cairo-1.15.12-6.el8.x86_64.rpmLinux
Moderate: cairo and pixman security and bug fix update cairo-devel-1.15.12-6.el8.i686.rpmLinux
Moderate: cairo and pixman security and bug fix update cairo-devel-1.15.12-6.el8.x86_64.rpmLinux
Moderate: cairo and pixman security and bug fix update cairo-gobject-1.15.12-6.el8.i686.rpmLinux
Moderate: cairo and pixman security and bug fix update cairo-gobject-1.15.12-6.el8.x86_64.rpmLinux
Moderate: cairo and pixman security and bug fix update cairo-gobject-devel-1.15.12-6.el8.i686.rpmLinux
Moderate: cairo and pixman security and bug fix update cairo-gobject-devel-1.15.12-6.el8.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234