Vulnerabilities > CVE-2020-35492 - Out-of-bounds Write vulnerability in Cairographics Cairo

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

cairographics

CWE-787

NVD

Published: 2021-03-18

Updated: 2023-05-03

Summary

A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -> out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability.

Vulnerable Configurations

Part	Description	Count
Application	Cairographics Cairographics Cairo - Cairographics Cairo 1.0.0 Cairographics Cairo 1.0.2 Cairographics Cairo 1.0.4 Cairographics Cairo 1.2.0 Cairographics Cairo 1.2.2 Cairographics Cairo 1.2.4 Cairographics Cairo 1.2.6 Cairographics Cairo 1.4.0 Cairographics Cairo 1.4.2 Cairographics Cairo 1.4.4 Cairographics Cairo 1.4.6 Cairographics Cairo 1.4.8 Cairographics Cairo 1.4.10 Cairographics Cairo 1.4.12 Cairographics Cairo 1.4.14 Cairographics Cairo 1.6.0 Cairographics Cairo 1.6.2 Cairographics Cairo 1.6.4 Cairographics Cairo 1.8.0 Cairographics Cairo 1.8.2 Cairographics Cairo 1.8.4 Cairographics Cairo 1.8.6 Cairographics Cairo 1.8.8 Cairographics Cairo 1.8.10 Cairographics Cairo 1.10.0 Cairographics Cairo 1.10.2 Cairographics Cairo 1.12.0 Cairographics Cairo 1.12.2 Cairographics Cairo 1.12.4 Cairographics Cairo 1.12.6 Cairographics Cairo 1.12.8 Cairographics Cairo 1.12.10 Cairographics Cairo 1.12.12 Cairographics Cairo 1.12.14 Cairographics Cairo 1.12.16 Cairographics Cairo 1.14.2 Cairographics Cairo 1.14.4 Cairographics Cairo 1.14.6 Cairographics Cairo 1.14.8 Cairographics Cairo 1.14.10 Cairographics Cairo 1.14.12 Cairographics Cairo 1.15.2 Cairographics Cairo 1.15.4 Cairographics Cairo 1.15.6 Cairographics Cairo 1.15.10 Cairographics Cairo 1.15.12 Cairographics Cairo 1.15.14 Cairographics Cairo 1.16.0 Cairographics Cairo 1.17.2	50

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References