VulnerableCode Package Details - pkg:deb/debian/cairo@1.6.4-7

Search for packages

Package details: pkg:deb/debian/cairo@1.6.4-7

Essentials
History (47)

purl	pkg:deb/debian/cairo@1.6.4-7

Next non-vulnerable version	1.18.4-1
Latest non-vulnerable version	1.18.4-1
Risk	7.8

Vulnerabilities affecting this package (6)

Vulnerability	Summary	Fixed by
VCID-6xh3-hmne-aaab Aliases: CVE-2009-2044	Mozilla Firefox 3.0.10 and earlier on Linux allows remote attackers to cause a denial of service (application crash) via a URI for a large GIF image in the BACKGROUND attribute of a BODY element.	1.8.10-6 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-kfpb-m615-aaar Aliases: CVE-2020-35492	A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -> out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability.	1.16.0-4+deb10u1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 1.16.0-5 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-m8h2-pzfh-aaaa Aliases: CVE-2018-19876	cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c, would free memory using a free function incompatible with WebKit's fastMalloc, leading to an application crash with a "free(): invalid pointer" error.	1.16.0-4+deb10u1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-rbmz-eq56-aaac Aliases: CVE-2016-9082	Integer overflow in the write_png function in cairo 1.14.6 allows remote attackers to cause a denial of service (invalid pointer dereference) via a large svg file.	1.14.8-1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-tq9e-k6nt-aaab Aliases: CVE-2016-3190	The fill_xrgb32_lerp_opaque_spans function in cairo-image-compositor.c in cairo before 1.14.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a negative span length.	1.14.8-1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-z4ra-ajwq-aaap Aliases: CVE-2017-9814	cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call.	1.16.0-4+deb10u1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-21T18:14:50.135556+00:00	Debian Oval Importer	Affected by	VCID-6xh3-hmne-aaab	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.3
2025-06-21T17:13:36.555839+00:00	Debian Oval Importer	Affected by	VCID-z4ra-ajwq-aaap	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T16:09:39.500576+00:00	Debian Oval Importer	Affected by	VCID-rbmz-eq56-aaac	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T13:53:35.702077+00:00	Debian Oval Importer	Affected by	VCID-kfpb-m615-aaar	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T13:31:28.599699+00:00	Debian Oval Importer	Affected by	VCID-tq9e-k6nt-aaab	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T11:43:55.603605+00:00	Debian Oval Importer	Affected by	VCID-6xh3-hmne-aaab	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T11:37:13.047706+00:00	Debian Oval Importer	Affected by	VCID-m8h2-pzfh-aaaa	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-20T22:31:01.607727+00:00	Debian Oval Importer	Affected by	VCID-m8h2-pzfh-aaaa	None	36.1.3
2025-06-20T21:02:42.207289+00:00	Debian Oval Importer	Affected by	VCID-rbmz-eq56-aaac	None	36.1.3
2025-06-20T20:46:15.361012+00:00	Debian Oval Importer	Affected by	VCID-kfpb-m615-aaar	None	36.1.3
2025-06-20T20:23:30.397344+00:00	Debian Oval Importer	Affected by	VCID-6xh3-hmne-aaab	None	36.1.3
2025-06-20T20:20:58.631839+00:00	Debian Oval Importer	Affected by	VCID-z4ra-ajwq-aaap	None	36.1.3
2025-06-20T20:20:11.172132+00:00	Debian Oval Importer	Affected by	VCID-tq9e-k6nt-aaab	None	36.1.3
2025-06-08T10:46:03.313524+00:00	Debian Oval Importer	Affected by	VCID-6xh3-hmne-aaab	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.0
2025-06-08T09:55:12.383530+00:00	Debian Oval Importer	Affected by	VCID-z4ra-ajwq-aaap	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T08:59:36.137510+00:00	Debian Oval Importer	Affected by	VCID-rbmz-eq56-aaac	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T06:47:53.192490+00:00	Debian Oval Importer	Affected by	VCID-kfpb-m615-aaar	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T06:25:31.371714+00:00	Debian Oval Importer	Affected by	VCID-tq9e-k6nt-aaab	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T04:59:29.019052+00:00	Debian Oval Importer	Affected by	VCID-6xh3-hmne-aaab	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T04:54:56.889083+00:00	Debian Oval Importer	Affected by	VCID-m8h2-pzfh-aaaa	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-07T15:55:09.059684+00:00	Debian Oval Importer	Affected by	VCID-m8h2-pzfh-aaaa	None	36.1.0
2025-06-07T14:29:18.452966+00:00	Debian Oval Importer	Affected by	VCID-rbmz-eq56-aaac	None	36.1.0
2025-06-07T14:18:12.179995+00:00	Debian Oval Importer	Affected by	VCID-kfpb-m615-aaar	None	36.1.0
2025-06-07T13:58:54.853947+00:00	Debian Oval Importer	Affected by	VCID-6xh3-hmne-aaab	None	36.1.0
2025-06-07T13:57:41.025093+00:00	Debian Oval Importer	Affected by	VCID-z4ra-ajwq-aaap	None	36.1.0
2025-06-07T13:57:22.288499+00:00	Debian Oval Importer	Affected by	VCID-tq9e-k6nt-aaab	None	36.1.0
2025-04-12T22:34:55.633454+00:00	Debian Oval Importer	Affected by	VCID-m8h2-pzfh-aaaa	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T21:48:36.785923+00:00	Debian Oval Importer	Affected by	VCID-z4ra-ajwq-aaap	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T21:39:01.826749+00:00	Debian Oval Importer	Affected by	VCID-kfpb-m615-aaar	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T21:28:35.174782+00:00	Debian Oval Importer	Affected by	VCID-tq9e-k6nt-aaab	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T20:58:31.889196+00:00	Debian Oval Importer	Affected by	VCID-rbmz-eq56-aaac	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T16:28:04.617059+00:00	Debian Oval Importer	Affected by	VCID-6xh3-hmne-aaab	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-08T08:27:25.687295+00:00	Debian Oval Importer	Affected by	VCID-z4ra-ajwq-aaap	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T07:31:13.422342+00:00	Debian Oval Importer	Affected by	VCID-rbmz-eq56-aaac	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T05:20:18.057631+00:00	Debian Oval Importer	Affected by	VCID-kfpb-m615-aaar	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T04:57:49.448058+00:00	Debian Oval Importer	Affected by	VCID-tq9e-k6nt-aaab	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T03:30:27.477465+00:00	Debian Oval Importer	Affected by	VCID-6xh3-hmne-aaab	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T03:26:07.671935+00:00	Debian Oval Importer	Affected by	VCID-m8h2-pzfh-aaaa	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-07T14:26:08.214403+00:00	Debian Oval Importer	Affected by	VCID-m8h2-pzfh-aaaa	None	36.0.0
2025-04-07T13:01:32.604812+00:00	Debian Oval Importer	Affected by	VCID-rbmz-eq56-aaac	None	36.0.0
2025-04-07T12:50:57.552595+00:00	Debian Oval Importer	Affected by	VCID-kfpb-m615-aaar	None	36.0.0
2025-04-07T12:33:24.594830+00:00	Debian Oval Importer	Affected by	VCID-6xh3-hmne-aaab	None	36.0.0
2025-04-07T12:32:18.370311+00:00	Debian Oval Importer	Affected by	VCID-z4ra-ajwq-aaap	None	36.0.0
2025-04-07T12:32:01.033540+00:00	Debian Oval Importer	Affected by	VCID-tq9e-k6nt-aaab	None	36.0.0
2024-11-27T04:51:24.468825+00:00	Debian Oval Importer	Affected by	VCID-6xh3-hmne-aaab	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	35.0.0
2024-10-13T01:52:24.106547+00:00	Debian Oval Importer	Affected by	VCID-6xh3-hmne-aaab	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	34.0.2
2024-09-20T19:19:25.126023+00:00	Debian Oval Importer	Affected by	VCID-6xh3-hmne-aaab	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	34.0.1