#VU52196 Stack-based buffer overflow in Cairo


Published: 2021-03-18 | Updated: 2021-04-13

Vulnerability identifier: #VU52196

Vulnerability risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-35492

CWE-ID: CWE-121

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Cairo
Universal components / Libraries / Libraries used by multiple products

Vendor: cairographics

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -> out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Cairo: 1.2-8

External links
http://bugzilla.redhat.com/show_bug.cgi?id=1898396

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Gentoo update for Cairo
Multiple vulnerabilities in OpenShift Virtualization
Multiple vulnerabilities in OpenShift Container Platform 4.11
Multiple vulnerabilities in Red Hat Migration Toolkit for Containers (MTC)
Red Hat Enterprise Linux 8 update for cairo and pixman
Ubuntu update for cairo
openEuler 20.03 LTS SP1 update for cairo
Stack-based buffer overflow in cairo (Alpine package)
Stack-based buffer overflow in Cairo