Cairographics Cairo
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Cairographics Cairo.
By the Year
In 2025 there have been 0 vulnerabilities in Cairographics Cairo. Cairo did not have any published security vulnerabilities last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 0 | 0.00 |
2024 | 0 | 0.00 |
2023 | 0 | 0.00 |
2022 | 0 | 0.00 |
2021 | 1 | 7.80 |
2020 | 0 | 0.00 |
2019 | 2 | 6.50 |
2018 | 2 | 6.50 |
It may take a day or so for new Cairo vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Cairographics Cairo Security Vulnerabilities
A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4
CVE-2020-35492
7.8 - High
- March 18, 2021
A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -> out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability.
Memory Corruption
An issue was discovered in cairo 1.16.0
CVE-2019-6461
6.5 - Medium
- January 16, 2019
An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c.
assertion failure
An issue was discovered in cairo 1.16.0
CVE-2019-6462
6.5 - Medium
- January 16, 2019
An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized.
Infinite Loop
cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c
CVE-2018-19876
6.5 - Medium
- December 05, 2018
cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c, would free memory using a free function incompatible with WebKit's fastMalloc, leading to an application crash with a "free(): invalid pointer" error.
Dangling pointer
cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+
CVE-2018-18064
6.5 - Medium
- October 08, 2018
cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c (the generate and render_rows functions) and cairo-image-compositor.c (the _cairo_image_spans_and_zero function).
Memory Corruption
cairo-truetype-subset.c in cairo 1.15.6 and earlier
CVE-2017-9814
7.5 - High
- July 17, 2017
cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call.
Out-of-bounds Read
Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.
CVE-2017-7475
5.5 - Medium
- May 19, 2017
Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.
NULL Pointer Dereference
Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo
CVE-2013-6425
- January 18, 2014
Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.
Integer underflow
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for OpenSuse or by Cairographics? Click the Watch button to subscribe.
