Vulnerability CVE-2020-35492: Information

Description

A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -> out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2020-35492

Published: March 18, 2021

Modified: May 3, 2023

Error type identifier: CWE-787

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
libcairo	sisyphus	1.16.0-alt2	1.18.0-alt1	ALT-PU-2022-3396-1	312186	Fixed
libcairo	sisyphus_e2k	1.16.0-alt2	1.18.0-alt1	ALT-PU-2022-7547-1	-	Fixed
libcairo	sisyphus_riscv64	1.17.8-alt1	1.18.0-alt1	ALT-PU-2023-4618-1	-	Fixed
libcairo	p10	1.16.0-alt2	1.16.0-alt2	ALT-PU-2023-1010-2	312192	Fixed
libcairo	p10_e2k	1.16.0-alt2	1.16.0-alt2	ALT-PU-2023-2177-1	-	Fixed
libcairo	c10f1	1.16.0-alt2	1.16.0-alt2	ALT-PU-2023-1010-2	312192	Fixed
libcairo	c9f2	1.16.0-alt2	1.16.0-alt2	ALT-PU-2023-1002-2	312258	Fixed
libcairo	p11	1.16.0-alt2	1.18.0-alt1	ALT-PU-2022-3396-1	312186	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1898396	Issue Tracking Patch Third Party Advisory
https://security.gentoo.org/glsa/202305-21

Affected configurations:
1. Configuration 1
  cpe:2.3:a:cairographics:cairo:*:*:*:*:*:*:*:*
  End excliding
  1.17.4

Version: v24.5.3

Vulnerability CVE-2020-35492: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1