rpm package
suse/cairo&distro=SUSE Linux Enterprise Server 11 SP4
pkg:rpm/suse/cairo&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-9814 | High | 7.5 | | < 1.8.8-2.3.7.1 | 1.8.8-2.3.7.1 | Jul 17, 2017 | cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call. |
| CVE-2017-7475 | Med | 5.5 | | < 1.8.8-2.3.7.1 | 1.8.8-2.3.7.1 | May 19, 2017 | Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash. |
| CVE-2016-9082 | Med | 5.5 | | < 1.8.8-2.3.7.1 | 1.8.8-2.3.7.1 | Feb 3, 2017 | Integer overflow in the write_png function in cairo 1.14.6 allows remote attackers to cause a denial of service (invalid pointer dereference) via a large svg file. |