VulnerableCode Package Details - pkg:deb/debian/cairo@1.14.0-2.1%2Bdeb8u2

Search for packages

Package details: pkg:deb/debian/cairo@1.14.0-2.1%2Bdeb8u2

Essentials
History (5)

purl	pkg:deb/debian/cairo@1.14.0-2.1%2Bdeb8u2

Next non-vulnerable version	1.18.4-1
Latest non-vulnerable version	1.18.4-1
Risk	4.5

Vulnerabilities affecting this package (5)

Vulnerability	Summary	Fixed by
VCID-9xcs-qa8x-sqfy Aliases: CVE-2020-35492	A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -> out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability.	1.16.0-5 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-p6v5-kp1h-rbek Aliases: CVE-2016-3190	cairo: out of bounds read in fill_xrgb32_lerp_opaque_spans	1.14.8-1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-tjah-msam-zfgf Aliases: CVE-2017-9814		1.16.0-4+deb10u1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-w1vh-mkvt-wfae Aliases: CVE-2018-19876	cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c, would free memory using a free function incompatible with WebKit's fastMalloc, leading to an application crash with a "free(): invalid pointer" error.	1.16.0-4+deb10u1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-wgs3-959r-7qb4 Aliases: CVE-2016-9082		1.14.8-1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-01T20:10:22.305954+00:00	Debian Oval Importer	Affected by	VCID-w1vh-mkvt-wfae	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T19:07:09.589329+00:00	Debian Oval Importer	Affected by	VCID-tjah-msam-zfgf	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T18:54:38.745976+00:00	Debian Oval Importer	Affected by	VCID-9xcs-qa8x-sqfy	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T18:40:30.514274+00:00	Debian Oval Importer	Affected by	VCID-p6v5-kp1h-rbek	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T18:00:13.985193+00:00	Debian Oval Importer	Affected by	VCID-wgs3-959r-7qb4	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0