Peter Valchev (Google Security) discovered a series of integer overflow weaknesses in Cairo, a vector graphics rendering library used by many other applications. If an application uses cairo to render a maliciously crafted PNG image, the vulnerability allows the execution of arbitrary code. For the stable distribution (etch), these problems have been fixed in version 1.2.4-4.1+etch1. For the unstable distribution (sid), these problems have been fixed in version 1.4.10-1.1. We recommend that you upgrade your libcairo packages.
Peter Valchev (Google Security) discovered a series of integer overflow weaknesses in Cairo, a vector graphics rendering library used by many other applications. If an application uses cairo to render a maliciously crafted PNG image, the vulnerability allows the execution of arbitrary code.
For the stable distribution (etch), these problems have been fixed in version 1.2.4-4.1+etch4.
For the unstable distribution (sid), these problems have been fixed in version 1.4.10-1.1.
We recommend that you upgrade your libcairo packages.
MD5 checksums of the listed files are available in the original advisory.