CVE-2020-35492

Summary

CVE: CVE-2020-35492
State: PUBLIC
Assigner: [email protected]
Source Priority: CVE Program / NVD first with legacy fallback
Published: 2021-03-18 19:15:00 UTC
Updated: 2023-05-03 12:15:00 UTC
Description: A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -> out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability.

Risk And Classification

Problem Types: CWE-787

NVD Known Affected Configurations (CPE 2.3)

Type             | Vendor         | Product             | Version | Update | Edition | Language
Application      | Cairographics  | Cairo               | All     | All    | All     | All
Operating System | Fedoraproject  | Fedora              | 33      | All    | All     | All
Application      | Imagemagick    | Image-compositor.c  | All     | All    | All     | All

References

Reference | Source | Link | Tags
Red Hat Customer Portal - Access to 24x7 support and knowledge | MISC | access.redhat.com |
1898396 – (CVE-2020-35492) CVE-2020-35492 cairo: libreoffice slideshow aborts with stack smashing in cairo's composite_boxes | MISC | bugzilla.redhat.com |
Cairo: Buffer Overflow Vulnerability (GLSA 202305-21) — Gentoo security | MISC | security.gentoo.org |
Fix mask usage in image-compositor (03a820b1) · Commits · cairo / cairo · GitLab | MISC | gitlab.freedesktop.org | Patch, Third Party Advisory
Red Hat Customer Portal - Access to 24x7 support and knowledge | MISC | access.redhat.com |
CVE Program record | CVE.ORG | www.cve.org | canonical
NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis

Legacy QID Mappings

  • 159818 Oracle Enterprise Linux Security Update for cairo and pixman (ELSA-2022-1961)
  • 240301 Red Hat Update for cairo and pixman (RHSA-2022:1961)
  • 296067 Oracle Solaris 11.4 Support Repository Update (SRU) 33.94.0 Missing (CPUAPR2021)
  • 500088 Alpine Linux Security Update for cairo
  • 501389 Alpine Linux Security Update for cairo
  • 503879 Alpine Linux Security Update for cairo
  • 670361 EulerOS Security Update for cairo (EulerOS-SA-2021-1769)
  • 670422 EulerOS Security Update for cairo (EulerOS-SA-2021-1977)
  • 670441 EulerOS Security Update for cairo (EulerOS-SA-2021-2059)
  • 670452 EulerOS Security Update for cairo (EulerOS-SA-2021-2048)
  • 670455 EulerOS Security Update for cairo (EulerOS-SA-2021-2213)
  • 670600 EulerOS Security Update for cairo (EulerOS-SA-2021-2358)
  • 710725 Gentoo Linux Cairo Buffer Overflow Vulnerability (GLSA 202305-21)
  • 900104 CBL-Mariner Linux Security Update for cairo 1.16.0
  • 903094 Common Base Linux Mariner (CBL-Mariner) Security Update for cairo (4018)
  • 940512 AlmaLinux Security Update for cairo and pixman (ALSA-2022:1961)
  • 960233 Rocky Linux Security Update for cairo and pixman (RLSA-2022:1961)
© CVE.report 2026
