Unrated severity · NVD Advisory · Published Mar 18, 2021 · Updated Feb 13, 2025
CVE-2020-35492
Description
A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -> out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability.
Affected products (8)
- cairo/cairo (source: description)
  - Range: < 1.17.4
- osv-coords (6 versions)
  - pkg:rpm/almalinux/cairo (no CPE), range: < 1.15.12-6.el8
  - pkg:rpm/almalinux/cairo-devel (no CPE), range: < 1.15.12-6.el8
  - pkg:rpm/almalinux/cairo-gobject (no CPE), range: < 1.15.12-6.el8
  - pkg:rpm/almalinux/cairo-gobject-devel (no CPE), range: < 1.15.12-6.el8
  - pkg:rpm/almalinux/pixman (no CPE), range: < 0.38.4-2.el8
  - pkg:rpm/almalinux/pixman-devel (no CPE), range: < 0.38.4-2.el8
References (2)
- bugzilla.redhat.com/show_bug.cgi (mitre, x_refsource_MISC)
- security.gentoo.org/glsa/202305-21 (mitre)