Vulnerability CVE-2020-35492: Information
Description
A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -> out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
libcairo | sisyphus | 1.16.0-alt2 | 1.18.0-alt1 | ALT-PU-2022-3396-1 | 312186 | Fixed |
libcairo | sisyphus_e2k | 1.16.0-alt2 | 1.18.0-alt1 | ALT-PU-2022-7547-1 | - | Fixed |
libcairo | sisyphus_riscv64 | 1.17.8-alt1 | 1.18.0-alt1 | ALT-PU-2023-4618-1 | - | Fixed |
libcairo | p10 | 1.16.0-alt2 | 1.16.0-alt2 | ALT-PU-2023-1010-2 | 312192 | Fixed |
libcairo | p10_e2k | 1.16.0-alt2 | 1.16.0-alt2 | ALT-PU-2023-2177-1 | - | Fixed |
libcairo | c10f1 | 1.16.0-alt2 | 1.16.0-alt2 | ALT-PU-2023-1010-2 | 312192 | Fixed |
libcairo | c9f2 | 1.16.0-alt2 | 1.16.0-alt2 | ALT-PU-2023-1002-2 | 312258 | Fixed |
libcairo | p11 | 1.16.0-alt2 | 1.18.0-alt1 | ALT-PU-2022-3396-1 | 312186 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1898396 |
|
https://security.gentoo.org/glsa/202305-21 |