cairo
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | 2D graphics library with support for multiple output devices |
| Version | 1.18.2-2 [extra] |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1391 | 1.17.4-4 | 1.17.4-5 | Medium | Fixed | FS#70017 |
| AVG-826 | 1.16.0-1 | 1.16.0-2 | Critical | Fixed | |
| AVG-277 | 1.14.10-1 | 1.15.8-1 | Low | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2020-35492 | AVG-1391 | Medium | No | Arbitrary code execution | A flaw was found in cairo's image-compositor.c. An attacker who is able to provide a crafted input file to cairo's image-compositor (e.g. by convincing a... |
| CVE-2018-19876 | AVG-826 | Critical | Yes | Arbitrary code execution | A memory-corruption issue has been found in cairo versions <= 1.16.0, in the cairo_ft_apply_variations() function in cairo-ft-font.c. This function frees... |
| CVE-2017-7475 | AVG-277 | Low | No | Denial of service | Cairo is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash. |
Advisories
| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 17 Feb 2019 | ASA-201902-19 | AVG-826 | Critical | arbitrary code execution |