VulnerableCode Package Details - pkg:deb/debian/cairo@1.8.10-6

Search for packages

Package details: pkg:deb/debian/cairo@1.8.10-6

Essentials
History (47)

purl	pkg:deb/debian/cairo@1.8.10-6

Next non-vulnerable version	1.18.4-1
Latest non-vulnerable version	1.18.4-1
Risk	4.5

Vulnerabilities affecting this package (5)

Vulnerability	Summary	Fixed by
VCID-kfpb-m615-aaar Aliases: CVE-2020-35492	A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -> out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability.	1.16.0-4+deb10u1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 1.16.0-5 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-m8h2-pzfh-aaaa Aliases: CVE-2018-19876	cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c, would free memory using a free function incompatible with WebKit's fastMalloc, leading to an application crash with a "free(): invalid pointer" error.	1.16.0-4+deb10u1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-rbmz-eq56-aaac Aliases: CVE-2016-9082	Integer overflow in the write_png function in cairo 1.14.6 allows remote attackers to cause a denial of service (invalid pointer dereference) via a large svg file.	1.14.8-1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-tq9e-k6nt-aaab Aliases: CVE-2016-3190	The fill_xrgb32_lerp_opaque_spans function in cairo-image-compositor.c in cairo before 1.14.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a negative span length.	1.14.8-1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-z4ra-ajwq-aaap Aliases: CVE-2017-9814	cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call.	1.16.0-4+deb10u1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-6xh3-hmne-aaab	Mozilla Firefox 3.0.10 and earlier on Linux allows remote attackers to cause a denial of service (application crash) via a URI for a large GIF image in the BACKGROUND attribute of a BODY element.	CVE-2009-2044

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-21T18:14:50.138583+00:00	Debian Oval Importer	Fixing	VCID-6xh3-hmne-aaab	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.3
2025-06-21T17:13:36.558083+00:00	Debian Oval Importer	Affected by	VCID-z4ra-ajwq-aaap	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T16:09:39.502877+00:00	Debian Oval Importer	Affected by	VCID-rbmz-eq56-aaac	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T13:53:35.704592+00:00	Debian Oval Importer	Affected by	VCID-kfpb-m615-aaar	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T13:31:28.602849+00:00	Debian Oval Importer	Affected by	VCID-tq9e-k6nt-aaab	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T11:43:55.606155+00:00	Debian Oval Importer	Fixing	VCID-6xh3-hmne-aaab	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T11:37:13.049890+00:00	Debian Oval Importer	Affected by	VCID-m8h2-pzfh-aaaa	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-20T22:31:01.610041+00:00	Debian Oval Importer	Affected by	VCID-m8h2-pzfh-aaaa	None	36.1.3
2025-06-20T21:02:42.209189+00:00	Debian Oval Importer	Affected by	VCID-rbmz-eq56-aaac	None	36.1.3
2025-06-20T20:46:15.363044+00:00	Debian Oval Importer	Affected by	VCID-kfpb-m615-aaar	None	36.1.3
2025-06-20T20:23:30.399108+00:00	Debian Oval Importer	Fixing	VCID-6xh3-hmne-aaab	None	36.1.3
2025-06-20T20:20:58.633693+00:00	Debian Oval Importer	Affected by	VCID-z4ra-ajwq-aaap	None	36.1.3
2025-06-20T20:20:11.173868+00:00	Debian Oval Importer	Affected by	VCID-tq9e-k6nt-aaab	None	36.1.3
2025-06-08T10:46:03.315390+00:00	Debian Oval Importer	Fixing	VCID-6xh3-hmne-aaab	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.0
2025-06-08T09:55:12.385207+00:00	Debian Oval Importer	Affected by	VCID-z4ra-ajwq-aaap	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T08:59:36.139149+00:00	Debian Oval Importer	Affected by	VCID-rbmz-eq56-aaac	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T06:47:53.194157+00:00	Debian Oval Importer	Affected by	VCID-kfpb-m615-aaar	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T06:25:31.373388+00:00	Debian Oval Importer	Affected by	VCID-tq9e-k6nt-aaab	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T04:59:29.022243+00:00	Debian Oval Importer	Fixing	VCID-6xh3-hmne-aaab	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T04:54:56.890836+00:00	Debian Oval Importer	Affected by	VCID-m8h2-pzfh-aaaa	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-07T15:55:09.061514+00:00	Debian Oval Importer	Affected by	VCID-m8h2-pzfh-aaaa	None	36.1.0
2025-06-07T14:29:18.455307+00:00	Debian Oval Importer	Affected by	VCID-rbmz-eq56-aaac	None	36.1.0
2025-06-07T14:18:12.181705+00:00	Debian Oval Importer	Affected by	VCID-kfpb-m615-aaar	None	36.1.0
2025-06-07T13:58:54.855980+00:00	Debian Oval Importer	Fixing	VCID-6xh3-hmne-aaab	None	36.1.0
2025-06-07T13:57:41.026979+00:00	Debian Oval Importer	Affected by	VCID-z4ra-ajwq-aaap	None	36.1.0
2025-06-07T13:57:22.290140+00:00	Debian Oval Importer	Affected by	VCID-tq9e-k6nt-aaab	None	36.1.0
2025-04-12T22:34:55.638438+00:00	Debian Oval Importer	Affected by	VCID-m8h2-pzfh-aaaa	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T21:48:36.789663+00:00	Debian Oval Importer	Affected by	VCID-z4ra-ajwq-aaap	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T21:39:01.831672+00:00	Debian Oval Importer	Affected by	VCID-kfpb-m615-aaar	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T21:28:35.178999+00:00	Debian Oval Importer	Affected by	VCID-tq9e-k6nt-aaab	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T20:58:31.894131+00:00	Debian Oval Importer	Affected by	VCID-rbmz-eq56-aaac	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T16:28:04.622125+00:00	Debian Oval Importer	Fixing	VCID-6xh3-hmne-aaab	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-08T08:27:25.692259+00:00	Debian Oval Importer	Affected by	VCID-z4ra-ajwq-aaap	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T07:31:13.426699+00:00	Debian Oval Importer	Affected by	VCID-rbmz-eq56-aaac	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T05:20:18.062004+00:00	Debian Oval Importer	Affected by	VCID-kfpb-m615-aaar	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T04:57:49.452725+00:00	Debian Oval Importer	Affected by	VCID-tq9e-k6nt-aaab	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T03:30:27.482517+00:00	Debian Oval Importer	Fixing	VCID-6xh3-hmne-aaab	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T03:26:07.676893+00:00	Debian Oval Importer	Affected by	VCID-m8h2-pzfh-aaaa	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-07T14:26:08.219252+00:00	Debian Oval Importer	Affected by	VCID-m8h2-pzfh-aaaa	None	36.0.0
2025-04-07T13:01:32.610129+00:00	Debian Oval Importer	Affected by	VCID-rbmz-eq56-aaac	None	36.0.0
2025-04-07T12:50:57.557993+00:00	Debian Oval Importer	Affected by	VCID-kfpb-m615-aaar	None	36.0.0
2025-04-07T12:33:24.599794+00:00	Debian Oval Importer	Fixing	VCID-6xh3-hmne-aaab	None	36.0.0
2025-04-07T12:32:18.377015+00:00	Debian Oval Importer	Affected by	VCID-z4ra-ajwq-aaap	None	36.0.0
2025-04-07T12:32:01.039305+00:00	Debian Oval Importer	Affected by	VCID-tq9e-k6nt-aaab	None	36.0.0
2024-11-27T04:51:24.473967+00:00	Debian Oval Importer	Fixing	VCID-6xh3-hmne-aaab	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	35.0.0
2024-10-13T01:52:24.111574+00:00	Debian Oval Importer	Fixing	VCID-6xh3-hmne-aaab	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	34.0.2
2024-09-20T19:19:25.132534+00:00	Debian Oval Importer	Fixing	VCID-6xh3-hmne-aaab	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	34.0.1