Search for packages
| purl | pkg:deb/debian/cairo@1.14.8-1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-kfpb-m615-aaar
Aliases: CVE-2020-35492 |
A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -> out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability. |
Affected by 3 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-m8h2-pzfh-aaaa
Aliases: CVE-2018-19876 |
cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c, would free memory using a free function incompatible with WebKit's fastMalloc, leading to an application crash with a "free(): invalid pointer" error. |
Affected by 3 other vulnerabilities. |
|
VCID-z4ra-ajwq-aaap
Aliases: CVE-2017-9814 |
cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call. |
Affected by 3 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-rbmz-eq56-aaac | Integer overflow in the write_png function in cairo 1.14.6 allows remote attackers to cause a denial of service (invalid pointer dereference) via a large svg file. |
CVE-2016-9082
|
| VCID-tq9e-k6nt-aaab | The fill_xrgb32_lerp_opaque_spans function in cairo-image-compositor.c in cairo before 1.14.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a negative span length. |
CVE-2016-3190
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-21T17:13:36.571366+00:00 | Debian Oval Importer | Affected by | VCID-z4ra-ajwq-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T16:09:39.513575+00:00 | Debian Oval Importer | Fixing | VCID-rbmz-eq56-aaac | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T13:53:35.716889+00:00 | Debian Oval Importer | Affected by | VCID-kfpb-m615-aaar | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T13:31:28.613697+00:00 | Debian Oval Importer | Fixing | VCID-tq9e-k6nt-aaab | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T11:37:13.060844+00:00 | Debian Oval Importer | Affected by | VCID-m8h2-pzfh-aaaa | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-20T22:31:01.621010+00:00 | Debian Oval Importer | Affected by | VCID-m8h2-pzfh-aaaa | None | 36.1.3 |
| 2025-06-20T21:02:42.218293+00:00 | Debian Oval Importer | Fixing | VCID-rbmz-eq56-aaac | None | 36.1.3 |
| 2025-06-20T20:46:15.372406+00:00 | Debian Oval Importer | Affected by | VCID-kfpb-m615-aaar | None | 36.1.3 |
| 2025-06-20T20:20:58.642665+00:00 | Debian Oval Importer | Affected by | VCID-z4ra-ajwq-aaap | None | 36.1.3 |
| 2025-06-20T20:20:11.182779+00:00 | Debian Oval Importer | Fixing | VCID-tq9e-k6nt-aaab | None | 36.1.3 |
| 2025-06-08T09:55:12.392866+00:00 | Debian Oval Importer | Affected by | VCID-z4ra-ajwq-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T08:59:36.148105+00:00 | Debian Oval Importer | Fixing | VCID-rbmz-eq56-aaac | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T06:47:53.201660+00:00 | Debian Oval Importer | Affected by | VCID-kfpb-m615-aaar | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T06:25:31.381077+00:00 | Debian Oval Importer | Fixing | VCID-tq9e-k6nt-aaab | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T04:54:56.903942+00:00 | Debian Oval Importer | Affected by | VCID-m8h2-pzfh-aaaa | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-07T15:55:09.070064+00:00 | Debian Oval Importer | Affected by | VCID-m8h2-pzfh-aaaa | None | 36.1.0 |
| 2025-06-07T14:29:18.465615+00:00 | Debian Oval Importer | Fixing | VCID-rbmz-eq56-aaac | None | 36.1.0 |
| 2025-06-07T14:18:12.189492+00:00 | Debian Oval Importer | Affected by | VCID-kfpb-m615-aaar | None | 36.1.0 |
| 2025-06-07T13:57:41.036709+00:00 | Debian Oval Importer | Affected by | VCID-z4ra-ajwq-aaap | None | 36.1.0 |
| 2025-06-07T13:57:22.306184+00:00 | Debian Oval Importer | Fixing | VCID-tq9e-k6nt-aaab | None | 36.1.0 |
| 2025-04-12T22:34:55.663343+00:00 | Debian Oval Importer | Affected by | VCID-m8h2-pzfh-aaaa | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T21:48:36.811609+00:00 | Debian Oval Importer | Affected by | VCID-z4ra-ajwq-aaap | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T21:39:01.859001+00:00 | Debian Oval Importer | Affected by | VCID-kfpb-m615-aaar | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T21:28:35.203406+00:00 | Debian Oval Importer | Fixing | VCID-tq9e-k6nt-aaab | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T20:58:31.918514+00:00 | Debian Oval Importer | Fixing | VCID-rbmz-eq56-aaac | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-08T08:27:25.717153+00:00 | Debian Oval Importer | Affected by | VCID-z4ra-ajwq-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T07:31:13.451869+00:00 | Debian Oval Importer | Fixing | VCID-rbmz-eq56-aaac | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T05:20:18.087161+00:00 | Debian Oval Importer | Affected by | VCID-kfpb-m615-aaar | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T04:57:49.478295+00:00 | Debian Oval Importer | Fixing | VCID-tq9e-k6nt-aaab | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T03:26:07.703121+00:00 | Debian Oval Importer | Affected by | VCID-m8h2-pzfh-aaaa | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-07T14:26:08.246824+00:00 | Debian Oval Importer | Affected by | VCID-m8h2-pzfh-aaaa | None | 36.0.0 |
| 2025-04-07T13:01:32.636967+00:00 | Debian Oval Importer | Fixing | VCID-rbmz-eq56-aaac | None | 36.0.0 |
| 2025-04-07T12:50:57.584639+00:00 | Debian Oval Importer | Affected by | VCID-kfpb-m615-aaar | None | 36.0.0 |
| 2025-04-07T12:32:18.413458+00:00 | Debian Oval Importer | Affected by | VCID-z4ra-ajwq-aaap | None | 36.0.0 |
| 2025-04-07T12:32:01.075653+00:00 | Debian Oval Importer | Fixing | VCID-tq9e-k6nt-aaab | None | 36.0.0 |
| 2025-04-06T20:19:06.317322+00:00 | Debian Importer | Affected by | VCID-z4ra-ajwq-aaap | None | 36.0.0 |
| 2025-02-19T00:11:11.576949+00:00 | Debian Importer | Affected by | VCID-z4ra-ajwq-aaap | None | 35.1.0 |
| 2024-04-24T11:57:29.690009+00:00 | Debian Importer | Affected by | VCID-z4ra-ajwq-aaap | None | 34.0.0rc4 |
| 2024-01-10T13:49:58.415479+00:00 | Debian Importer | Affected by | VCID-z4ra-ajwq-aaap | None | 34.0.0rc2 |
| 2024-01-04T05:02:48.461973+00:00 | Debian Importer | Affected by | VCID-z4ra-ajwq-aaap | None | 34.0.0rc1 |