Ubuntu update for cairo



Published: 2022-05-11
Risk: High
Patch available: YES
Number of vulnerabilities: 4
CVE-ID: CVE-2016-9082, CVE-2017-9814, CVE-2019-6462, CVE-2020-35492
CWE-ID: CWE-190, CWE-125, CWE-835, CWE-121
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #3 is available.
Vulnerable software
Ubuntu
Operating systems & Components / Operating system

libcairo2 (Ubuntu package)
Operating systems & Components / Operating system package or component

cairo-perf-utils (Ubuntu package)
Operating systems & Components / Operating system package or component

Vendor Canonical Ltd.

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Integer overflow

EUVDB-ID: #VU13197

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-9082

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The vulnerability exists due to an integer overflow in the write_png function. A remote attacker can send a specially crafted large SVG file, trigger an invalid pointer dereference, and cause the service to crash.

Mitigation

Update the affected package cairo to the latest version.

Vulnerable software versions

Ubuntu: 16.04

libcairo2 (Ubuntu package): before 1.14.6-1ubuntu0.1~esm1

cairo-perf-utils (Ubuntu package): before 1.14.6-1ubuntu0.1~esm1

External links

http://ubuntu.com/security/notices/USN-5407-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds read

EUVDB-ID: #VU12616

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-9814

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness is an out-of-bounds read in cairo-truetype-subset.c caused by mishandling of an unexpected malloc(0) call. A remote attacker can cause the service to crash.

Mitigation

Update the affected package cairo to the latest version.

Vulnerable software versions

Ubuntu: 16.04

libcairo2 (Ubuntu package): before 1.14.6-1ubuntu0.1~esm1

cairo-perf-utils (Ubuntu package): before 1.14.6-1ubuntu0.1~esm1

External links

http://ubuntu.com/security/notices/USN-5407-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Infinite loop

EUVDB-ID: #VU17099

Risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-6462

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized. A remote attacker can consume all available system resources and cause a denial of service condition.

Mitigation

Update the affected package cairo to the latest version.

Vulnerable software versions

Ubuntu: 16.04

libcairo2 (Ubuntu package): before 1.14.6-1ubuntu0.1~esm1

cairo-perf-utils (Ubuntu package): before 1.14.6-1ubuntu0.1~esm1

External links

http://ubuntu.com/security/notices/USN-5407-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

4) Stack-based buffer overflow

EUVDB-ID: #VU52196

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-35492

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow that results in an out-of-bounds write. The highest impact from this vulnerability is to confidentiality, integrity, and system availability.

Mitigation

Update the affected package cairo to the latest version.

Vulnerable software versions

Ubuntu: 16.04

libcairo2 (Ubuntu package): before 1.14.6-1ubuntu0.1~esm1

cairo-perf-utils (Ubuntu package): before 1.14.6-1ubuntu0.1~esm1

External links

http://ubuntu.com/security/notices/USN-5407-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
