Search for packages
| purl | pkg:deb/debian/cairo@1.14.0-2.1%2Bdeb8u2 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-kfpb-m615-aaar
Aliases: CVE-2020-35492 |
A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -> out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability. |
Affected by 3 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-m8h2-pzfh-aaaa
Aliases: CVE-2018-19876 |
cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c, would free memory using a free function incompatible with WebKit's fastMalloc, leading to an application crash with a "free(): invalid pointer" error. |
Affected by 3 other vulnerabilities. |
|
VCID-rbmz-eq56-aaac
Aliases: CVE-2016-9082 |
Integer overflow in the write_png function in cairo 1.14.6 allows remote attackers to cause a denial of service (invalid pointer dereference) via a large svg file. |
Affected by 3 other vulnerabilities. |
|
VCID-tq9e-k6nt-aaab
Aliases: CVE-2016-3190 |
The fill_xrgb32_lerp_opaque_spans function in cairo-image-compositor.c in cairo before 1.14.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a negative span length. |
Affected by 3 other vulnerabilities. |
|
VCID-z4ra-ajwq-aaap
Aliases: CVE-2017-9814 |
cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call. |
Affected by 3 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-21T17:13:36.568301+00:00 | Debian Oval Importer | Affected by | VCID-z4ra-ajwq-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T16:09:39.511383+00:00 | Debian Oval Importer | Affected by | VCID-rbmz-eq56-aaac | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T13:53:35.714721+00:00 | Debian Oval Importer | Affected by | VCID-kfpb-m615-aaar | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T13:31:28.611526+00:00 | Debian Oval Importer | Affected by | VCID-tq9e-k6nt-aaab | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T11:37:13.058897+00:00 | Debian Oval Importer | Affected by | VCID-m8h2-pzfh-aaaa | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-20T22:31:01.618849+00:00 | Debian Oval Importer | Affected by | VCID-m8h2-pzfh-aaaa | None | 36.1.3 |
| 2025-06-20T21:02:42.216459+00:00 | Debian Oval Importer | Affected by | VCID-rbmz-eq56-aaac | None | 36.1.3 |
| 2025-06-20T20:46:15.370792+00:00 | Debian Oval Importer | Affected by | VCID-kfpb-m615-aaar | None | 36.1.3 |
| 2025-06-20T20:20:58.640864+00:00 | Debian Oval Importer | Affected by | VCID-z4ra-ajwq-aaap | None | 36.1.3 |
| 2025-06-20T20:20:11.181147+00:00 | Debian Oval Importer | Affected by | VCID-tq9e-k6nt-aaab | None | 36.1.3 |
| 2025-06-08T09:55:12.391335+00:00 | Debian Oval Importer | Affected by | VCID-z4ra-ajwq-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T08:59:36.146520+00:00 | Debian Oval Importer | Affected by | VCID-rbmz-eq56-aaac | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T06:47:53.200175+00:00 | Debian Oval Importer | Affected by | VCID-kfpb-m615-aaar | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T06:25:31.379523+00:00 | Debian Oval Importer | Affected by | VCID-tq9e-k6nt-aaab | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T04:54:56.896966+00:00 | Debian Oval Importer | Affected by | VCID-m8h2-pzfh-aaaa | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-07T15:55:09.068546+00:00 | Debian Oval Importer | Affected by | VCID-m8h2-pzfh-aaaa | None | 36.1.0 |
| 2025-06-07T14:29:18.463287+00:00 | Debian Oval Importer | Affected by | VCID-rbmz-eq56-aaac | None | 36.1.0 |
| 2025-06-07T14:18:12.187987+00:00 | Debian Oval Importer | Affected by | VCID-kfpb-m615-aaar | None | 36.1.0 |
| 2025-06-07T13:57:41.034209+00:00 | Debian Oval Importer | Affected by | VCID-z4ra-ajwq-aaap | None | 36.1.0 |
| 2025-06-07T13:57:22.296221+00:00 | Debian Oval Importer | Affected by | VCID-tq9e-k6nt-aaab | None | 36.1.0 |
| 2025-04-12T22:34:55.658551+00:00 | Debian Oval Importer | Affected by | VCID-m8h2-pzfh-aaaa | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T21:48:36.807153+00:00 | Debian Oval Importer | Affected by | VCID-z4ra-ajwq-aaap | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T21:39:01.854076+00:00 | Debian Oval Importer | Affected by | VCID-kfpb-m615-aaar | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T21:28:35.198543+00:00 | Debian Oval Importer | Affected by | VCID-tq9e-k6nt-aaab | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T20:58:31.913576+00:00 | Debian Oval Importer | Affected by | VCID-rbmz-eq56-aaac | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-08T08:27:25.712084+00:00 | Debian Oval Importer | Affected by | VCID-z4ra-ajwq-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T07:31:13.446869+00:00 | Debian Oval Importer | Affected by | VCID-rbmz-eq56-aaac | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T05:20:18.082063+00:00 | Debian Oval Importer | Affected by | VCID-kfpb-m615-aaar | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T04:57:49.473469+00:00 | Debian Oval Importer | Affected by | VCID-tq9e-k6nt-aaab | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T03:26:07.698802+00:00 | Debian Oval Importer | Affected by | VCID-m8h2-pzfh-aaaa | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-07T14:26:08.241388+00:00 | Debian Oval Importer | Affected by | VCID-m8h2-pzfh-aaaa | None | 36.0.0 |
| 2025-04-07T13:01:32.631590+00:00 | Debian Oval Importer | Affected by | VCID-rbmz-eq56-aaac | None | 36.0.0 |
| 2025-04-07T12:50:57.579276+00:00 | Debian Oval Importer | Affected by | VCID-kfpb-m615-aaar | None | 36.0.0 |
| 2025-04-07T12:32:18.406538+00:00 | Debian Oval Importer | Affected by | VCID-z4ra-ajwq-aaap | None | 36.0.0 |
| 2025-04-07T12:32:01.069927+00:00 | Debian Oval Importer | Affected by | VCID-tq9e-k6nt-aaab | None | 36.0.0 |