CVE-2016-9082 — Integer Overflow or Wraparound in Cairo

CWE-190 — Integer Overflow or Wraparound8 documents7 sources

Severity

5.5MEDIUMNVD

EPSS

0.4%

top 38.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cairographics Cairo Debian Cairo

Timeline

PublishedFeb 3

Latest updateMay 14

Description

Integer overflow in the write_png function in cairo 1.14.6 allows remote attackers to cause a denial of service (invalid pointer dereference) via a large svg file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/cairo< cairo 1.14.6-1.1 (bookworm)

▶Debiancairographics/cairo< 1.14.6-1.1+3

▶Ubuntucairographics/cairo< 1.14.6-1ubuntu0.1~esm1

▶NVDcairographics/cairo1.14.6

🔴Vulnerability Details

GHSA

GHSA-x45f-pw34-h43w: Integer overflow in the write_png function in cairo 1↗2022-05-14

▶

OSV

cairo vulnerabilities↗2022-05-10

▶

OSV

CVE-2016-9082: Integer overflow in the write_png function in cairo 1↗2017-02-03

▶

📋Vendor Advisories

Ubuntu

Cairo vulnerabilities↗2022-05-10

▶

Red Hat

cairo: Out of bounds read in read_png/write_png in cairo-png.c↗2016-10-05

▶

Debian

CVE-2016-9082: cairo - Integer overflow in the write_png function in cairo 1.14.6 allows remote attacke...↗2016

▶

💬Community

Bugzilla

CVE-2016-9082 cairo: Out of bounds read in read_png/write_png in cairo-png.c↗2016-02-26

▶