cairo

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description 2D graphics library with support for multiple output devices
Version 1.18.2-2 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-1391 1.17.4-4 1.17.4-5 Medium Fixed FS#70017
AVG-826 1.16.0-1 1.16.0-2 Critical Fixed
AVG-277 1.14.10-1 1.15.8-1 Low Fixed
Issue Group Severity Remote Type Description
CVE-2020-35492 AVG-1391 Medium No Arbitrary code execution
A flaw was found in cairo's image-compositor.c. An attacker who is able to provide a crafted input file to cairo's image-compositor (e.g. by convincing a...
CVE-2018-19876 AVG-826 Critical Yes Arbitrary code execution
A memory-corruption issue has been found in cairo versions <= 1.16.0, in the cairo_ft_apply_variations() function in cairo-ft-font.c. This function frees...
CVE-2017-7475 AVG-277 Low No Denial of service
Cairo is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.

Advisories

Date Advisory Group Severity Type
17 Feb 2019 ASA-201902-19 AVG-826 Critical arbitrary code execution