Cairographics
Products
1- Cairo13 CVEsgem
Recent CVEs
13| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-9814 | Hig | 0.49 | 7.5 | 0.03 | Jul 17, 2017 | cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call. | ||
| CVE-2016-3190 | Hig | 0.49 | 7.5 | 0.02 | Apr 21, 2016 | The fill_xrgb32_lerp_opaque_spans function in cairo-image-compositor.c in cairo before 1.14.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a negative span length. | ||
| CVE-2018-18064 | Med | 0.42 | 6.5 | 0.01 | Oct 8, 2018 | cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c (the generate and render_rows functions) and cairo-image-compositor.c (the… | ||
| CVE-2017-7475 | Med | 0.36 | 5.5 | 0.02 | May 19, 2017 | Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash. | ||
| CVE-2016-9082 | Med | 0.36 | 5.5 | 0.02 | Feb 3, 2017 | Integer overflow in the write_png function in cairo 1.14.6 allows remote attackers to cause a denial of service (invalid pointer dereference) via a large svg file. | ||
| CVE-2025-50422 | Low | 0.19 | 2.9 | 0.00 | Aug 4, 2025 | Cairo through 1.18.4, as used in Poppler through 25.08.0, has an "unscaled->face == NULL" assertion failure for _cairo_ft_unscaled_font_fini in cairo-ft-font.c. | ||
| CVE-2014-5116 | 0.04 | — | 0.08 | Jul 29, 2014 | The cairo_image_surface_get_data function in Cairo 1.10.2, as used in GTK+ and Wireshark, allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a large string. | |||
| CVE-2006-0528 | 0.04 | — | 0.09 | Feb 2, 2006 | The cairo library (libcairo), as used in GNOME Evolution and possibly other products, allows remote attackers to cause a denial of service (persistent client crash) via an attached text file that contains "Content-Disposition: inline" in the header, and a very long line in the… | |||
| CVE-2020-35492 | 0.00 | — | 0.01 | Mar 18, 2021 | A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application… | |||
| CVE-2019-6461 | 0.00 | — | 0.02 | Jan 16, 2019 | An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c. | |||
| CVE-2019-6462 | 0.00 | — | 0.02 | Jan 16, 2019 | An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized. | |||
| CVE-2018-19876 | 0.00 | — | 0.02 | Dec 5, 2018 | cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c, would free memory using a free function incompatible with WebKit's fastMalloc, leading to an application crash with a "free(): invalid pointer" error. | |||
| CVE-2007-5503 | 0.00 | — | 0.05 | Nov 30, 2007 | Multiple integer overflows in Cairo before 1.4.12 might allow remote attackers to execute arbitrary code, as demonstrated using a crafted PNG image with large width and height values, which is not properly handled by the read_png function. |
- risk 0.49cvss 7.5epss 0.03
cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call.
- risk 0.49cvss 7.5epss 0.02
The fill_xrgb32_lerp_opaque_spans function in cairo-image-compositor.c in cairo before 1.14.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a negative span length.
- risk 0.42cvss 6.5epss 0.01
cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c (the generate and render_rows functions) and cairo-image-compositor.c (the…
- risk 0.36cvss 5.5epss 0.02
Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.
- risk 0.36cvss 5.5epss 0.02
Integer overflow in the write_png function in cairo 1.14.6 allows remote attackers to cause a denial of service (invalid pointer dereference) via a large svg file.
- risk 0.19cvss 2.9epss 0.00
Cairo through 1.18.4, as used in Poppler through 25.08.0, has an "unscaled->face == NULL" assertion failure for _cairo_ft_unscaled_font_fini in cairo-ft-font.c.
- CVE-2014-5116Jul 29, 2014risk 0.04cvss —epss 0.08
The cairo_image_surface_get_data function in Cairo 1.10.2, as used in GTK+ and Wireshark, allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a large string.
- CVE-2006-0528Feb 2, 2006risk 0.04cvss —epss 0.09
The cairo library (libcairo), as used in GNOME Evolution and possibly other products, allows remote attackers to cause a denial of service (persistent client crash) via an attached text file that contains "Content-Disposition: inline" in the header, and a very long line in the…
- CVE-2020-35492Mar 18, 2021risk 0.00cvss —epss 0.01
A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application…
- CVE-2019-6461Jan 16, 2019risk 0.00cvss —epss 0.02
An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c.
- CVE-2019-6462Jan 16, 2019risk 0.00cvss —epss 0.02
An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized.
- CVE-2018-19876Dec 5, 2018risk 0.00cvss —epss 0.02
cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c, would free memory using a free function incompatible with WebKit's fastMalloc, leading to an application crash with a "free(): invalid pointer" error.
- CVE-2007-5503Nov 30, 2007risk 0.00cvss —epss 0.05
Multiple integer overflows in Cairo before 1.4.12 might allow remote attackers to execute arbitrary code, as demonstrated using a crafted PNG image with large width and height values, which is not properly handled by the read_png function.