PT-2020-6179 · Cairo+8

Published: 2020-12-02 · Updated: 2026-04-02 · CVE-2020-35492

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: cairo versions prior to 1.17.4

Description: A flaw was found in cairo's image-compositor.c, allowing an attacker who can provide a crafted input file to cause a stack buffer overflow, resulting in an out-of-bounds write. This can lead to confidentiality, integrity, and system availability issues. The attacker can exploit this by convincing a user to open a crafted file in an application that uses cairo, or when an application uses cairo to process untrusted input.

Recommendations: For versions prior to 1.17.4, update to version 1.17.4 or later to resolve the issue. Where updating is not yet possible, as a temporary workaround restrict the use of cairo's image-compositor.c on untrusted input, and avoid using cairo on untrusted input files at all, to minimize the risk of exploitation.

Fix · Memory Corruption · Stack Overflow

Weakness Enumeration

Related Identifiers

ALSA-2022:1961
ALT-PU-2022-3396
ALT-PU-2023-1002
ALT-PU-2023-1010
ALT-PU-2023-4111
ALT-PU-2023-8411
BDU:2021-03445
CESA-2022_1961
CVE-2020-35492
DLA-2518-1
MGASA-2021-0028
OESA-2021-1155
RHSA-2022:1961
RHSA-2022_1961
RLSA-2022:1961
USN-5407-1
USN-8140-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Red Hat
Rocky Linux
Ubuntu
Cairo