Search for packages
| purl | pkg:deb/debian/cairo@1.14.0-2.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-kfpb-m615-aaar
Aliases: CVE-2020-35492 |
A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -> out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability. |
Affected by 3 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-m8h2-pzfh-aaaa
Aliases: CVE-2018-19876 |
cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c, would free memory using a free function incompatible with WebKit's fastMalloc, leading to an application crash with a "free(): invalid pointer" error. |
Affected by 3 other vulnerabilities. |
|
VCID-rbmz-eq56-aaac
Aliases: CVE-2016-9082 |
Integer overflow in the write_png function in cairo 1.14.6 allows remote attackers to cause a denial of service (invalid pointer dereference) via a large svg file. |
Affected by 3 other vulnerabilities. |
|
VCID-tq9e-k6nt-aaab
Aliases: CVE-2016-3190 |
The fill_xrgb32_lerp_opaque_spans function in cairo-image-compositor.c in cairo before 1.14.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a negative span length. |
Affected by 3 other vulnerabilities. |
|
VCID-z4ra-ajwq-aaap
Aliases: CVE-2017-9814 |
cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call. |
Affected by 3 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-21T17:13:36.566200+00:00 | Debian Oval Importer | Affected by | VCID-z4ra-ajwq-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T16:09:39.509275+00:00 | Debian Oval Importer | Affected by | VCID-rbmz-eq56-aaac | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T13:53:35.712448+00:00 | Debian Oval Importer | Affected by | VCID-kfpb-m615-aaar | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T13:31:28.609401+00:00 | Debian Oval Importer | Affected by | VCID-tq9e-k6nt-aaab | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T11:37:13.056749+00:00 | Debian Oval Importer | Affected by | VCID-m8h2-pzfh-aaaa | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-20T22:31:01.616684+00:00 | Debian Oval Importer | Affected by | VCID-m8h2-pzfh-aaaa | None | 36.1.3 |
| 2025-06-20T21:02:42.214682+00:00 | Debian Oval Importer | Affected by | VCID-rbmz-eq56-aaac | None | 36.1.3 |
| 2025-06-20T20:46:15.368934+00:00 | Debian Oval Importer | Affected by | VCID-kfpb-m615-aaar | None | 36.1.3 |
| 2025-06-20T20:20:58.639081+00:00 | Debian Oval Importer | Affected by | VCID-z4ra-ajwq-aaap | None | 36.1.3 |
| 2025-06-20T20:20:11.179546+00:00 | Debian Oval Importer | Affected by | VCID-tq9e-k6nt-aaab | None | 36.1.3 |
| 2025-06-08T09:55:12.389811+00:00 | Debian Oval Importer | Affected by | VCID-z4ra-ajwq-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T08:59:36.144753+00:00 | Debian Oval Importer | Affected by | VCID-rbmz-eq56-aaac | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T06:47:53.198711+00:00 | Debian Oval Importer | Affected by | VCID-kfpb-m615-aaar | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T06:25:31.377987+00:00 | Debian Oval Importer | Affected by | VCID-tq9e-k6nt-aaab | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T04:54:56.895412+00:00 | Debian Oval Importer | Affected by | VCID-m8h2-pzfh-aaaa | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-07T15:55:09.067021+00:00 | Debian Oval Importer | Affected by | VCID-m8h2-pzfh-aaaa | None | 36.1.0 |
| 2025-06-07T14:29:18.461506+00:00 | Debian Oval Importer | Affected by | VCID-rbmz-eq56-aaac | None | 36.1.0 |
| 2025-06-07T14:18:12.186364+00:00 | Debian Oval Importer | Affected by | VCID-kfpb-m615-aaar | None | 36.1.0 |
| 2025-06-07T13:57:41.032414+00:00 | Debian Oval Importer | Affected by | VCID-z4ra-ajwq-aaap | None | 36.1.0 |
| 2025-06-07T13:57:22.294732+00:00 | Debian Oval Importer | Affected by | VCID-tq9e-k6nt-aaab | None | 36.1.0 |
| 2025-04-12T22:34:55.653687+00:00 | Debian Oval Importer | Affected by | VCID-m8h2-pzfh-aaaa | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T21:48:36.802704+00:00 | Debian Oval Importer | Affected by | VCID-z4ra-ajwq-aaap | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T21:39:01.849151+00:00 | Debian Oval Importer | Affected by | VCID-kfpb-m615-aaar | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T21:28:35.193629+00:00 | Debian Oval Importer | Affected by | VCID-tq9e-k6nt-aaab | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T20:58:31.908598+00:00 | Debian Oval Importer | Affected by | VCID-rbmz-eq56-aaac | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-08T08:27:25.707165+00:00 | Debian Oval Importer | Affected by | VCID-z4ra-ajwq-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T07:31:13.441797+00:00 | Debian Oval Importer | Affected by | VCID-rbmz-eq56-aaac | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T05:20:18.077149+00:00 | Debian Oval Importer | Affected by | VCID-kfpb-m615-aaar | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T04:57:49.468370+00:00 | Debian Oval Importer | Affected by | VCID-tq9e-k6nt-aaab | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T03:26:07.694295+00:00 | Debian Oval Importer | Affected by | VCID-m8h2-pzfh-aaaa | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-07T14:26:08.235913+00:00 | Debian Oval Importer | Affected by | VCID-m8h2-pzfh-aaaa | None | 36.0.0 |
| 2025-04-07T13:01:32.626269+00:00 | Debian Oval Importer | Affected by | VCID-rbmz-eq56-aaac | None | 36.0.0 |
| 2025-04-07T12:50:57.573980+00:00 | Debian Oval Importer | Affected by | VCID-kfpb-m615-aaar | None | 36.0.0 |
| 2025-04-07T12:32:18.399123+00:00 | Debian Oval Importer | Affected by | VCID-z4ra-ajwq-aaap | None | 36.0.0 |
| 2025-04-07T12:32:01.063085+00:00 | Debian Oval Importer | Affected by | VCID-tq9e-k6nt-aaab | None | 36.0.0 |