VulnerableCode Package Details - pkg:deb/debian/cairo@1.16.0-4%2Bdeb10u1

Search for packages

Package details: pkg:deb/debian/cairo@1.16.0-4%2Bdeb10u1

Essentials
History (3)

purl	pkg:deb/debian/cairo@1.16.0-4%2Bdeb10u1

Next non-vulnerable version	1.18.4-1
Latest non-vulnerable version	1.18.4-1
Risk	3.5

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-9xcs-qa8x-sqfy Aliases: CVE-2020-35492	A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -> out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability.	1.16.0-5 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (2)

Vulnerability	Summary	Aliases
VCID-tjah-msam-zfgf		CVE-2017-9814
VCID-w1vh-mkvt-wfae	cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c, would free memory using a free function incompatible with WebKit's fastMalloc, leading to an application crash with a "free(): invalid pointer" error.	CVE-2018-19876

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-01T20:10:22.316118+00:00	Debian Oval Importer	Fixing	VCID-w1vh-mkvt-wfae	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T19:07:09.598697+00:00	Debian Oval Importer	Fixing	VCID-tjah-msam-zfgf	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T18:54:38.756633+00:00	Debian Oval Importer	Affected by	VCID-9xcs-qa8x-sqfy	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0