CVE-2020-35492
Published: 18 March 2021
A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -> out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability.
Notes
| Author | Note |
|---|---|
| rodrigo-zaiden | The issue was introduced in version 1.12.12 with the commit: https://gitlab.freedesktop.org/cairo/cairo/-/commit/c986a731 |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
cairo Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
| focal |
Needs triage
|
|
| groovy |
Ignored
(end of life)
|
|
| hirsute |
Ignored
(end of life)
|
|
| trusty |
Does not exist
|
|
| xenial |
Released
(1.14.6-1ubuntu0.1~esm1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
| impish |
Not vulnerable
(1.16.0-5ubuntu1)
|
|
| jammy |
Not vulnerable
(1.16.0-5ubuntu2)
|
|
| upstream |
Released
(1.17.6, 1.16.0-5)
|
|
| kinetic |
Not vulnerable
(1.16.0-5ubuntu2)
|
|
| lunar |
Not vulnerable
(1.16.0-5ubuntu2)
|
|
| mantic |
Not vulnerable
(1.16.0-5ubuntu2)
|
|
|
Patches: upstream: https://gitlab.freedesktop.org/cairo/cairo/-/commit/03a820b173ed1fdef6ff14b4468f5dbc02ff59be upstream: https://gitlab.freedesktop.org/cairo/cairo/-/commit/8bc14a6bba3bc8a64ff0749c74d9b96305bf6429 upstream: https://gitlab.freedesktop.org/cairo/cairo/-/commit/0677e0a94968447e132c69f58cb04e5377e0c828 |
||
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.8 |
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |