VYPR

rpm package

suse/cairo&distro=SUSE Linux Enterprise Server 11 SP4

pkg:rpm/suse/cairo&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4

Vulnerabilities (3)

  • CVE-2017-9814HigJul 17, 2017
    affected < 1.8.8-2.3.7.1fixed 1.8.8-2.3.7.1

    cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call.

  • CVE-2017-7475MedMay 19, 2017
    affected < 1.8.8-2.3.7.1fixed 1.8.8-2.3.7.1

    Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.

  • CVE-2016-9082MedFeb 3, 2017
    affected < 1.8.8-2.3.7.1fixed 1.8.8-2.3.7.1

    Integer overflow in the write_png function in cairo 1.14.6 allows remote attackers to cause a denial of service (invalid pointer dereference) via a large svg file.