CVE-2016-9082
Published 2017-02-03
Priority: P4
Severity: medium (CVSS 3.0 base score 5.5)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS: 1.99% (78.2th percentile)
Integer overflow in the write_png function in cairo 1.14.6 allows remote attackers to cause a denial of service (invalid pointer dereference) via a large svg file.
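The following is an added illustration of the bug class this CVE names (CWE-190, an integer overflow while sizing an image buffer from dimensions taken out of the input document), written for this page and not taken from cairo's write_png or any other cairo source. The function names, the 4-byte RGBA stride and the 1 GiB policy cap are assumptions for the example; the dimensions are constructed to make 32-bit size arithmetic wrap to exactly one row, so the writer allocates one row and then hands the encoder row pointers that lie past the allocation.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Constructed illustration of the CWE-190 pattern behind CVE-2016-9082:
 * an image writer sizes its pixel buffer from a width and height taken
 * from the input document (for cairo, the SVG's declared dimensions).
 * This is NOT cairo's write_png code; the function names, the RGBA
 * stride and the size cap are assumptions for the example.
 */

#define BYTES_PER_PIXEL 4u

/* Vulnerable pattern: stride and total size computed in 32-bit arithmetic.
 * uint32_t is used so the wrap-around is well defined and reproducible
 * (signed int overflow would be undefined behaviour in C). */
uint32_t unchecked_image_bytes(uint32_t width, uint32_t height)
{
    uint32_t stride = width * BYTES_PER_PIXEL;   /* wraps once width > 2^30 */
    return stride * height;                      /* wraps once stride*height >= 2^32 */
}

/* Hardened pattern: reject zero dimensions, multiply with overflow
 * detection (gcc/clang builtin), and cap the result at a policy limit
 * so a document cannot demand an arbitrarily large allocation. */
bool checked_image_bytes(uint32_t width, uint32_t height, size_t *out)
{
    const size_t max_image_bytes = (size_t)1 << 30;  /* 1 GiB cap: assumed policy */
    size_t stride, total;

    if (width == 0 || height == 0)
        return false;
    if (__builtin_mul_overflow((size_t)width, (size_t)BYTES_PER_PIXEL, &stride))
        return false;
    if (__builtin_mul_overflow(stride, (size_t)height, &total))
        return false;
    if (total > max_image_bytes)
        return false;
    *out = total;
    return true;
}

/* Convenience wrapper: the checked size, or 0 if the dimensions were rejected. */
size_t checked_image_bytes_or_zero(uint32_t width, uint32_t height)
{
    size_t n = 0;
    return checked_image_bytes(width, height, &n) ? n : 0;
}

/* Given the buffer size the writer actually allocated, count the rows
 * whose [start, end) lies outside that buffer.  With a wrapped size this
 * is almost every row: the row pointers handed to the PNG encoder point
 * past the allocation, which is the invalid pointer dereference that the
 * advisory text describes. */
uint64_t rows_out_of_bounds(uint64_t alloc_bytes, uint64_t stride, uint64_t height)
{
    uint64_t bad = 0;
    for (uint64_t row = 0; row < height; row++) {
        if (row * stride + stride > alloc_bytes)
            bad++;
    }
    return bad;
}

int main(void)
{
    /* Constructed dimensions from a hostile document: 65536 x 16385 RGBA.
     * True size is 2^18 * 16385 = 2^32 + 2^18 bytes; 32-bit math wraps to
     * exactly one row (262144 bytes). */
    uint32_t w = 65536, h = 16385;
    uint32_t wrapped = unchecked_image_bytes(w, h);
    size_t safe = 0;
    bool ok = checked_image_bytes(w, h, &safe);

    printf("unchecked size: %u bytes (one row is %u bytes)\n", wrapped, w * BYTES_PER_PIXEL);
    printf("rows past the allocation: %llu of %u\n",
           (unsigned long long)rows_out_of_bounds(wrapped, w * BYTES_PER_PIXEL, h), h);
    printf("checked path accepted the image: %s\n",
           ok ? "yes" : "no (rejected before any allocation)");
    return 0;
}
```

The point of the checked variant is that the decision is made before any allocation: a document that declares dimensions outside policy is rejected at parse time, so no buffer is sized from a wrapped value and no row pointer can ever point outside the allocation.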
Affected
7 ranges listed by the source; the 1.14.6-1.1 row appeared four times and is shown once.
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cairographics | cairo | — | — |
| cairographics | cairo | >= 0, < 1.14.6-1.1 | 1.14.6-1.1 |
| cairographics | cairo | >= 0, < 1.14.6-1ubuntu0.1~esm1 | 1.14.6-1ubuntu0.1~esm1 |
| debian | cairo | < 1.14.6-1.1 (bookworm) | 1.14.6-1.1 (bookworm) |
Note that 1.14.6-1.1 and 1.14.6-1ubuntu0.1~esm1 are Debian and Ubuntu package revisions carrying the fix, not an upstream release: the upstream version string stays 1.14.6, so comparing the upstream number alone does not tell you whether an installed package is patched; compare the full package version against the distribution's fixed revision.
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.0 | 5.5 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| nvd | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| osv | | 5.5 | MEDIUM | |
| vendor_debian | | 5.5 | MEDIUM | |
| vendor_redhat | | 5.5 | MEDIUM | |
| vendor_ubuntu | | 5.5 | MEDIUM | |
The description says "remote attackers", but the NVD v3 vector is AV:L with UI:R (the v2 vector is AV:N): in practice the attacker supplies a crafted file and a user or service on the target has to render it with cairo. Every source scores impact as availability only (C:N/I:N/A:H), so treat this as a crash, not a code-execution primitive, unless a vendor says otherwise.
GHSA
GHSA-x45f-pw34-h43w (ghsa_unreviewed, 2022-05-14): CVE-2016-9082, MEDIUM, CWE-190
Integer overflow in the write_png function in cairo 1.14.6 allows remote attackers to cause a denial of service (invalid pointer dereference) via a large svg file.
OSV
cairo vulnerabilities (osv, 2022-05-10, CVSS 5.5, MEDIUM; CVE-2016-9082)
Gustavo Grieco, Alberto Garcia, Francisco Oca, Suleman Ali, and others
discovered that Cairo incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2016-9082, CVE-2017-9814, CVE-2019-6462)
Stephan Bergmann discovered that Cairo incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service,
or possibly execute arbitrary code.
(CVE-2020-35492)
OSV
CVE-2016-9082 (osv, 2017-02-03, CVSS 5.5, MEDIUM)
Integer overflow in the write_png function in cairo 1.14.6 allows remote attackers to cause a denial of service (invalid pointer dereference) via a large svg file.
Ubuntu
Cairo vulnerabilities (vendor_ubuntu, 2022-05-10, CVSS 5.5, MEDIUM; listed on the source under CVE-2017-9814, the advisory covers CVE-2016-9082, CVE-2017-9814 and CVE-2019-6462, plus CVE-2020-35492)
Title: Cairo vulnerabilities
Summary: Several security issues were fixed in cairo.
Advisory text: identical to the "cairo vulnerabilities" OSV entry above.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
cairo: Out of bounds read in read_png/write_png in cairo-png.c (vendor_redhat, 2016-10-05, CVSS 5.5, MEDIUM; CVE-2016-9082)
Integer overflow in the write_png function in cairo 1.14.6 allows remote attackers to cause a denial of service (invalid pointer dereference) via a large svg file.
Red Hat's title frames the bug as an out-of-bounds read in read_png/write_png in cairo-png.c, whereas the NVD text describes an integer overflow in write_png leading to an invalid pointer dereference; both are entries for this CVE and both rate the impact as denial of service. "Will not fix" below means those packages ship without a patch for this CVE, so on those systems the only mitigation is to keep untrusted documents away from cairo-based renderers.
Package: cairo (Red Hat Enterprise Linux 5) - Will not fix
Package: cairo (Red Hat Enterprise Linux 6) - Will not fix
Package: cairo (Red Hat Enterprise Linux 7) - Will not fix
Package: mingw-virt-viewer (Red Hat Enterprise Virtualization 3) - Will not fix
Debian
CVE-2016-9082: cairo (vendor_debian, 2016, CVSS 5.5, MEDIUM)
Integer overflow in the write_png function in cairo 1.14.6 allows remote attackers to cause a denial of service (invalid pointer dereference) via a large svg file.
Scope: local
bookworm: resolved (fixed in 1.14.6-1.1)
bullseye: resolved (fixed in 1.14.6-1.1)
forky: resolved (fixed in 1.14.6-1.1)
sid: resolved (fixed in 1.14.6-1.1)
trixie: resolved (fixed in 1.14.6-1.1)
No detection rules found.
No public exploits indexed.
References
http://www.openwall.com/lists/oss-security/2016/10/27/2
http://www.securityfocus.com/bid/93931
https://bugs.freedesktop.org/attachment.cgi?id=127421
https://bugs.freedesktop.org/show_bug.cgi?id=98165
https://bugzilla.redhat.com/show_bug.cgi?id=1312337
https://security.gentoo.org/glsa/201904-01