
CVE-2020-35492

Published: 18/03/2021 Updated: 03/05/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

A flaw was found in cairo's image-compositor.c in all versions before 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -> out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability.

Vulnerable Product

cairographics cairo

Vendor Advisories

Debian Bug report logs - #978658 cairo: CVE-2020-35492 Package: src:cairo; Maintainer for src:cairo is Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Tue, 29 Dec 2020 20:15:02 UTC Severity: important Tags: security, upstream Found ...
Several security issues were fixed in cairo ...
Synopsis: Moderate: cairo and pixman security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for cairo and pixman is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has ra ...
Synopsis: Moderate: Migration Toolkit for Containers (MTC) 165 security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: The Migration Toolkit for Containers (MTC) 165 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base ...
Synopsis: Important: OpenShift Virtualization 4110 Images security and bug fix update. Type/Severity: Security Advisory: Important. Topic: Red Hat OpenShift Virtualization release 4110 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a secur ...
Synopsis: Important: OpenShift Container Platform 4110 bug fix and security update. Type/Severity: Security Advisory: Important. Topic: Red Hat OpenShift Container Platform release 4110 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Co ...
Synopsis: Moderate: Migration Toolkit for Containers (MTC) 172 security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: The Migration Toolkit for Containers (MTC) 172 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base ...
A flaw was found in cairo's image-compositor.c. An attacker who is able to provide a crafted input file to cairo's image-compositor (e.g. by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) could cause a stack buffer overflow leading to an out-of-bounds write ...