CVE-2020-35492

Published: 18 March 2021

A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow leading to an out-of-bounds write. The highest impact from this vulnerability is to confidentiality and integrity, as well as system availability.

Priority

Low

CVSS 3 base score: 7.8

Status

Package: cairo (Launchpad, Ubuntu, Debian)

Release   Status
bionic    Needs triage
focal     Needs triage
groovy    Ignored (reached end-of-life)
hirsute   Ignored (reached end-of-life)
impish    Not vulnerable (1.16.0-5ubuntu1)
jammy     Not vulnerable (1.16.0-5ubuntu2)
precise   Does not exist
trusty    Does not exist
upstream  Released (1.17.6,1.16.0-5)
xenial    Released (1.14.6-1ubuntu0.1~esm1)