Cairographics Cairo 1.16.0

CPE Details

Cairographics Cairo 1.16.0
cairographics
cairo
1.16.0
2019-06-17
14h15 +00:00
2019-06-17
14h15 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:cairographics:cairo:1.16.0:*:*:*:*:*:*:*

Informations

Vendor

cairographics

Product

cairo

Version

1.16.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2020-35492 2021-03-18 18h59 +00:00 A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -> out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability.
7.8
High
CVE-2019-6461 2019-01-16 17h00 +00:00 An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c.
6.5
Medium
CVE-2019-6462 2019-01-16 17h00 +00:00 An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized.
6.5
Medium
CVE-2018-19876 2018-12-05 20h00 +00:00 cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c, would free memory using a free function incompatible with WebKit's fastMalloc, leading to an application crash with a "free(): invalid pointer" error.
6.5
Medium
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.