CVE-2020-35492Stack-based Buffer Overflow in Cairo

CWE-121Stack-based Buffer OverflowCWE-787Out-of-bounds Write10 documents7 sources
Severity
7.8HIGHNVD
OSV7.5OSV5.5
EPSS
0.1%
top 71.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cairographics CairoDebian CairoMsrc CM1 Cairo 1.17.4-1 ON CBL Mariner 1.0
Timeline
PublishedMar 18
Latest updateApr 2

Description

A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -> out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages6 packages

debiandebian/cairo< cairo 1.16.0-5 (bookworm)
NVDcairographics/cairo< 1.17.4
Debiancairographics/cairo< 1.16.0-5+3
Ubuntucairographics/cairo< 1.16.0-5ubuntu2.1+4
CVEListV5cairographics/cairoAll cairo versions

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

4
OSV
cairo vulnerabilities2026-04-02
GHSA
GHSA-65pg-7gjm-q28m: A flaw was found in cairo's image-compositor2022-05-24
OSV
cairo vulnerabilities2022-05-10
OSV
CVE-2020-35492: A flaw was found in cairo's image-compositor2021-03-18

📋Vendor Advisories

5
Ubuntu
Cairo vulnerabilities2026-04-02
Ubuntu
Cairo vulnerabilities2022-05-10
Microsoft
A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example by convincing2021-03-09
Red Hat
cairo: libreoffice slideshow aborts with stack smashing in cairo's composite_boxes2020-12-28
Debian
CVE-2020-35492: cairo - A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. ...2020