Search CVE reports



1 – 10 of 13 results


CVE-2023-27586

Medium priority
Needs evaluation

CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to version 2.7.0, Cairo can send requests to external hosts when processing SVG files. A malicious actor could send a specially crafted SVG file that allows...

1 affected package

cairosvg

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cairosvg Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2020-35492

Low priority

Some fixes available 1 of 5

A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an...

1 affected package

cairo

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cairo Not affected Not affected Needs evaluation Needs evaluation Fixed

CVE-2021-21236

Medium priority
Needs evaluation

CairoSVG is a Python (pypi) package. CairoSVG is an SVG converter based on Cairo. In CairoSVG before version 2.5.1, there is a regular expression denial of service (REDoS) vulnerability. When processing SVG files, the python...

1 affected package

cairosvg

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cairosvg Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2019-6462

Low priority

Some fixes available 1 of 14

An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized.

1 affected package

cairo

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cairo Needs evaluation Needs evaluation Needs evaluation Needs evaluation Fixed

CVE-2019-6461

Low priority
Vulnerable

An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c.

1 affected package

cairo

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cairo Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable

CVE-2018-19876

Negligible priority
Not affected

cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c, would free memory using a free function incompatible with WebKit's fastMalloc, leading to an application crash with a "free(): invalid pointer" error.

1 affected package

cairo

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cairo Not affected Not affected

CVE-2018-18064

Low priority
Vulnerable

cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c (the generate and render_rows functions) and...

1 affected package

cairo

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cairo Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable

CVE-2017-9814

Low priority

Some fixes available 1 of 17

cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call.

1 affected package

cairo

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cairo Needs evaluation Needs evaluation Needs evaluation Needs evaluation Fixed

CVE-2017-7475

Low priority
Vulnerable

Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.

1 affected package

cairo

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cairo Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable

CVE-2016-9082

Low priority

Some fixes available 1 of 3

Integer overflow in the write_png function in cairo 1.14.6 allows remote attackers to cause a denial of service (invalid pointer dereference) via a large svg file.

1 affected package

cairo

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cairo Not affected Not affected Not affected Fixed