Vulnerability Description
A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow, i.e. an out-of-bounds write. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cairographics | Cairo | < 1.17.4 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1898396 (Issue Tracking, Patch, Third Party Advisory)
- https://security.gentoo.org/glsa/202305-21
FAQ
What is CVE-2020-35492?
CVE-2020-35492 is a vulnerability with a CVSS score of 7.8 (HIGH). A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincin...
How severe is CVE-2020-35492?
CVE-2020-35492 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-35492?
Check the references section above for vendor advisories and patch information. Affected products include: Cairographics Cairo.