Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2020-35492
Vulnerability from cvelistv5
Published
2021-03-18 18:59
Modified
2024-08-04 17:02
Severity ?
EPSS score ?
Summary
A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -> out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability.
References
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1898396 | Issue Tracking, Patch, Third Party Advisory | |
secalert@redhat.com | https://security.gentoo.org/glsa/202305-21 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1898396 | Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202305-21 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T17:02:08.083Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898396" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-21" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "cairo", "vendor": "n/a", "versions": [ { "status": "affected", "version": "All cairo versions" } ] } ], "descriptions": [ { "lang": "en", "value": "A flaw was found in cairo\u0027s image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo\u0027s image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -\u003e out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-03-18T18:59:41", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898396" }, { "url": "https://security.gentoo.org/glsa/202305-21" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-35492", "datePublished": "2021-03-18T18:59:41", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-08-04T17:02:08.083Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2020-35492\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2021-03-18T19:15:13.230\",\"lastModified\":\"2024-11-21T05:27:24.803\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in cairo\u0027s image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo\u0027s image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -\u003e out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 un fallo en el archivo image-compositor.c de cairo en todas las versiones anteriores a 1.17.4.\u0026#xa0;Este fallo permite a un atacante que puede proporcionar un archivo de entrada dise\u00f1ado al compositor de im\u00e1genes de cairo (por ejemplo, convenciendo a un usuario de abrir un archivo en una aplicaci\u00f3n usando cairo, o si la aplicaci\u00f3n usa cairo en una entrada que no es confiable) para causar un desbordamiento de b\u00fafer de la pila. -) ESCRITURA fuera de l\u00edmites.\u0026#xa0;El mayor impacto de esta vulnerabilidad es la confidencialidad, la integridad y la disponibilidad del sistema\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-121\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cairographics:cairo:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.17.4\",\"matchCriteriaId\":\"D1FD4423-56E7-439A-B8B0-3D586F6B71A3\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1898396\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202305-21\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1898396\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202305-21\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}" } }
ghsa-65pg-7gjm-q28m
Vulnerability from github
Published
2022-05-24 17:44
Modified
2022-05-24 17:44
Severity ?
Details
A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -> out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability.
{ "affected": [], "aliases": [ "CVE-2020-35492" ], "database_specific": { "cwe_ids": [ "CWE-121", "CWE-787" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2021-03-18T19:15:00Z", "severity": "HIGH" }, "details": "A flaw was found in cairo\u0027s image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo\u0027s image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -\u003e out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability.", "id": "GHSA-65pg-7gjm-q28m", "modified": "2022-05-24T17:44:47Z", "published": "2022-05-24T17:44:47Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35492" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2022:1961" }, { "type": "WEB", "url": "https://access.redhat.com/security/cve/CVE-2020-35492" }, { "type": "WEB", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898396" }, { "type": "WEB", "url": "https://gitlab.freedesktop.org/cairo/cairo/-/commit/03a820b173ed1fdef6ff14b4468f5dbc02ff59be" }, { "type": "WEB", "url": "https://security.gentoo.org/glsa/202305-21" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }
rhsa-2022_1961
Vulnerability from csaf_redhat
Published
2022-05-10 14:11
Modified
2024-11-22 18:33
Summary
Red Hat Security Advisory: cairo and pixman security and bug fix update
Notes
Topic
An update for cairo and pixman is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Cairo is a 2D graphics library designed to provide high-quality display and print output.
Pixman is a pixel manipulation library for the X Window System and Cairo.
Security Fix(es):
* cairo: libreoffice slideshow aborts with stack smashing in cairo's composite_boxes (CVE-2020-35492)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.6 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for cairo and pixman is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Cairo is a 2D graphics library designed to provide high-quality display and print output.\n\nPixman is a pixel manipulation library for the X Window System and Cairo.\n\nSecurity Fix(es):\n\n* cairo: libreoffice slideshow aborts with stack smashing in cairo\u0027s composite_boxes (CVE-2020-35492)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.6 Release Notes linked from the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:1961", "url": "https://access.redhat.com/errata/RHSA-2022:1961" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/", "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/" }, { "category": "external", "summary": "1898396", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898396" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_1961.json" } ], "title": "Red Hat Security Advisory: cairo and pixman security and bug fix update", "tracking": { "current_release_date": "2024-11-22T18:33:12+00:00", "generator": { "date": "2024-11-22T18:33:12+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:1961", "initial_release_date": "2022-05-10T14:11:28+00:00", "revision_history": [ { "date": "2022-05-10T14:11:28+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-05-10T14:11:28+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T18:33:12+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product": { "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "cairo-0:1.15.12-6.el8.src", "product": { "name": "cairo-0:1.15.12-6.el8.src", "product_id": "cairo-0:1.15.12-6.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/cairo@1.15.12-6.el8?arch=src" } } }, { "category": "product_version", "name": "pixman-0:0.38.4-2.el8.src", "product": { "name": "pixman-0:0.38.4-2.el8.src", "product_id": "pixman-0:0.38.4-2.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/pixman@0.38.4-2.el8?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "cairo-0:1.15.12-6.el8.aarch64", "product": { "name": "cairo-0:1.15.12-6.el8.aarch64", "product_id": "cairo-0:1.15.12-6.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cairo@1.15.12-6.el8?arch=aarch64" } } }, { "category": "product_version", "name": "cairo-devel-0:1.15.12-6.el8.aarch64", "product": { "name": "cairo-devel-0:1.15.12-6.el8.aarch64", "product_id": "cairo-devel-0:1.15.12-6.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cairo-devel@1.15.12-6.el8?arch=aarch64" } } }, { "category": "product_version", "name": "cairo-gobject-0:1.15.12-6.el8.aarch64", "product": { "name": "cairo-gobject-0:1.15.12-6.el8.aarch64", "product_id": "cairo-gobject-0:1.15.12-6.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cairo-gobject@1.15.12-6.el8?arch=aarch64" } } }, { "category": "product_version", "name": "cairo-gobject-devel-0:1.15.12-6.el8.aarch64", "product": { "name": "cairo-gobject-devel-0:1.15.12-6.el8.aarch64", "product_id": "cairo-gobject-devel-0:1.15.12-6.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cairo-gobject-devel@1.15.12-6.el8?arch=aarch64" } } }, { "category": "product_version", "name": "cairo-debugsource-0:1.15.12-6.el8.aarch64", "product": { "name": "cairo-debugsource-0:1.15.12-6.el8.aarch64", "product_id": "cairo-debugsource-0:1.15.12-6.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cairo-debugsource@1.15.12-6.el8?arch=aarch64" } } }, { "category": "product_version", "name": "cairo-debuginfo-0:1.15.12-6.el8.aarch64", "product": { "name": "cairo-debuginfo-0:1.15.12-6.el8.aarch64", "product_id": "cairo-debuginfo-0:1.15.12-6.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cairo-debuginfo@1.15.12-6.el8?arch=aarch64" } } }, { "category": "product_version", "name": "cairo-gobject-debuginfo-0:1.15.12-6.el8.aarch64", "product": { "name": "cairo-gobject-debuginfo-0:1.15.12-6.el8.aarch64", "product_id": "cairo-gobject-debuginfo-0:1.15.12-6.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cairo-gobject-debuginfo@1.15.12-6.el8?arch=aarch64" } } }, { "category": "product_version", "name": "cairo-tools-debuginfo-0:1.15.12-6.el8.aarch64", "product": { "name": "cairo-tools-debuginfo-0:1.15.12-6.el8.aarch64", "product_id": "cairo-tools-debuginfo-0:1.15.12-6.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cairo-tools-debuginfo@1.15.12-6.el8?arch=aarch64" } } }, { "category": "product_version", "name": "pixman-0:0.38.4-2.el8.aarch64", "product": { "name": "pixman-0:0.38.4-2.el8.aarch64", "product_id": "pixman-0:0.38.4-2.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/pixman@0.38.4-2.el8?arch=aarch64" } } }, { "category": "product_version", "name": "pixman-devel-0:0.38.4-2.el8.aarch64", "product": { "name": "pixman-devel-0:0.38.4-2.el8.aarch64", "product_id": "pixman-devel-0:0.38.4-2.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/pixman-devel@0.38.4-2.el8?arch=aarch64" } } }, { "category": "product_version", "name": "pixman-debugsource-0:0.38.4-2.el8.aarch64", "product": { "name": "pixman-debugsource-0:0.38.4-2.el8.aarch64", "product_id": "pixman-debugsource-0:0.38.4-2.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/pixman-debugsource@0.38.4-2.el8?arch=aarch64" } } }, { "category": "product_version", "name": "pixman-debuginfo-0:0.38.4-2.el8.aarch64", "product": { "name": "pixman-debuginfo-0:0.38.4-2.el8.aarch64", "product_id": "pixman-debuginfo-0:0.38.4-2.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/pixman-debuginfo@0.38.4-2.el8?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "cairo-0:1.15.12-6.el8.ppc64le", "product": { "name": "cairo-0:1.15.12-6.el8.ppc64le", "product_id": "cairo-0:1.15.12-6.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/cairo@1.15.12-6.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "cairo-devel-0:1.15.12-6.el8.ppc64le", "product": { "name": "cairo-devel-0:1.15.12-6.el8.ppc64le", "product_id": "cairo-devel-0:1.15.12-6.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/cairo-devel@1.15.12-6.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "cairo-gobject-0:1.15.12-6.el8.ppc64le", "product": { "name": "cairo-gobject-0:1.15.12-6.el8.ppc64le", "product_id": "cairo-gobject-0:1.15.12-6.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/cairo-gobject@1.15.12-6.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "cairo-gobject-devel-0:1.15.12-6.el8.ppc64le", "product": { "name": "cairo-gobject-devel-0:1.15.12-6.el8.ppc64le", "product_id": "cairo-gobject-devel-0:1.15.12-6.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/cairo-gobject-devel@1.15.12-6.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "cairo-debugsource-0:1.15.12-6.el8.ppc64le", "product": { "name": "cairo-debugsource-0:1.15.12-6.el8.ppc64le", "product_id": "cairo-debugsource-0:1.15.12-6.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/cairo-debugsource@1.15.12-6.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "cairo-debuginfo-0:1.15.12-6.el8.ppc64le", "product": { "name": "cairo-debuginfo-0:1.15.12-6.el8.ppc64le", "product_id": "cairo-debuginfo-0:1.15.12-6.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/cairo-debuginfo@1.15.12-6.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "cairo-gobject-debuginfo-0:1.15.12-6.el8.ppc64le", "product": { "name": "cairo-gobject-debuginfo-0:1.15.12-6.el8.ppc64le", "product_id": "cairo-gobject-debuginfo-0:1.15.12-6.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/cairo-gobject-debuginfo@1.15.12-6.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "cairo-tools-debuginfo-0:1.15.12-6.el8.ppc64le", "product": { "name": "cairo-tools-debuginfo-0:1.15.12-6.el8.ppc64le", "product_id": "cairo-tools-debuginfo-0:1.15.12-6.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/cairo-tools-debuginfo@1.15.12-6.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "pixman-0:0.38.4-2.el8.ppc64le", "product": { "name": "pixman-0:0.38.4-2.el8.ppc64le", "product_id": "pixman-0:0.38.4-2.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/pixman@0.38.4-2.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "pixman-devel-0:0.38.4-2.el8.ppc64le", "product": { "name": "pixman-devel-0:0.38.4-2.el8.ppc64le", "product_id": "pixman-devel-0:0.38.4-2.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/pixman-devel@0.38.4-2.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "pixman-debugsource-0:0.38.4-2.el8.ppc64le", "product": { "name": "pixman-debugsource-0:0.38.4-2.el8.ppc64le", "product_id": "pixman-debugsource-0:0.38.4-2.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/pixman-debugsource@0.38.4-2.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "pixman-debuginfo-0:0.38.4-2.el8.ppc64le", "product": { "name": "pixman-debuginfo-0:0.38.4-2.el8.ppc64le", "product_id": "pixman-debuginfo-0:0.38.4-2.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/pixman-debuginfo@0.38.4-2.el8?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "cairo-0:1.15.12-6.el8.i686", "product": { "name": "cairo-0:1.15.12-6.el8.i686", "product_id": "cairo-0:1.15.12-6.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/cairo@1.15.12-6.el8?arch=i686" } } }, { "category": "product_version", "name": "cairo-devel-0:1.15.12-6.el8.i686", "product": { "name": "cairo-devel-0:1.15.12-6.el8.i686", "product_id": "cairo-devel-0:1.15.12-6.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/cairo-devel@1.15.12-6.el8?arch=i686" } } }, { "category": "product_version", "name": "cairo-gobject-0:1.15.12-6.el8.i686", "product": { "name": "cairo-gobject-0:1.15.12-6.el8.i686", "product_id": "cairo-gobject-0:1.15.12-6.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/cairo-gobject@1.15.12-6.el8?arch=i686" } } }, { "category": "product_version", "name": "cairo-gobject-devel-0:1.15.12-6.el8.i686", "product": { "name": "cairo-gobject-devel-0:1.15.12-6.el8.i686", "product_id": "cairo-gobject-devel-0:1.15.12-6.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/cairo-gobject-devel@1.15.12-6.el8?arch=i686" } } }, { "category": "product_version", "name": "cairo-debugsource-0:1.15.12-6.el8.i686", "product": { "name": "cairo-debugsource-0:1.15.12-6.el8.i686", "product_id": "cairo-debugsource-0:1.15.12-6.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/cairo-debugsource@1.15.12-6.el8?arch=i686" } } }, { "category": "product_version", "name": "cairo-debuginfo-0:1.15.12-6.el8.i686", "product": { "name": "cairo-debuginfo-0:1.15.12-6.el8.i686", "product_id": "cairo-debuginfo-0:1.15.12-6.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/cairo-debuginfo@1.15.12-6.el8?arch=i686" } } }, { "category": "product_version", "name": "cairo-gobject-debuginfo-0:1.15.12-6.el8.i686", "product": { "name": "cairo-gobject-debuginfo-0:1.15.12-6.el8.i686", "product_id": "cairo-gobject-debuginfo-0:1.15.12-6.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/cairo-gobject-debuginfo@1.15.12-6.el8?arch=i686" } } }, { "category": "product_version", "name": "cairo-tools-debuginfo-0:1.15.12-6.el8.i686", "product": { "name": "cairo-tools-debuginfo-0:1.15.12-6.el8.i686", "product_id": "cairo-tools-debuginfo-0:1.15.12-6.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/cairo-tools-debuginfo@1.15.12-6.el8?arch=i686" } } }, { "category": "product_version", "name": "pixman-0:0.38.4-2.el8.i686", "product": { "name": "pixman-0:0.38.4-2.el8.i686", "product_id": "pixman-0:0.38.4-2.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/pixman@0.38.4-2.el8?arch=i686" } } }, { "category": "product_version", "name": "pixman-devel-0:0.38.4-2.el8.i686", "product": { "name": "pixman-devel-0:0.38.4-2.el8.i686", "product_id": "pixman-devel-0:0.38.4-2.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/pixman-devel@0.38.4-2.el8?arch=i686" } } }, { "category": "product_version", "name": "pixman-debugsource-0:0.38.4-2.el8.i686", "product": { "name": "pixman-debugsource-0:0.38.4-2.el8.i686", "product_id": "pixman-debugsource-0:0.38.4-2.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/pixman-debugsource@0.38.4-2.el8?arch=i686" } } }, { "category": "product_version", "name": "pixman-debuginfo-0:0.38.4-2.el8.i686", "product": { "name": "pixman-debuginfo-0:0.38.4-2.el8.i686", "product_id": "pixman-debuginfo-0:0.38.4-2.el8.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/pixman-debuginfo@0.38.4-2.el8?arch=i686" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "cairo-0:1.15.12-6.el8.x86_64", "product": { "name": "cairo-0:1.15.12-6.el8.x86_64", "product_id": "cairo-0:1.15.12-6.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cairo@1.15.12-6.el8?arch=x86_64" } } }, { "category": "product_version", "name": "cairo-devel-0:1.15.12-6.el8.x86_64", "product": { "name": "cairo-devel-0:1.15.12-6.el8.x86_64", "product_id": "cairo-devel-0:1.15.12-6.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cairo-devel@1.15.12-6.el8?arch=x86_64" } } }, { "category": "product_version", "name": "cairo-gobject-0:1.15.12-6.el8.x86_64", "product": { "name": "cairo-gobject-0:1.15.12-6.el8.x86_64", "product_id": "cairo-gobject-0:1.15.12-6.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cairo-gobject@1.15.12-6.el8?arch=x86_64" } } }, { "category": "product_version", "name": "cairo-gobject-devel-0:1.15.12-6.el8.x86_64", "product": { "name": "cairo-gobject-devel-0:1.15.12-6.el8.x86_64", "product_id": "cairo-gobject-devel-0:1.15.12-6.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cairo-gobject-devel@1.15.12-6.el8?arch=x86_64" } } }, { "category": "product_version", "name": "cairo-debugsource-0:1.15.12-6.el8.x86_64", "product": { "name": "cairo-debugsource-0:1.15.12-6.el8.x86_64", "product_id": "cairo-debugsource-0:1.15.12-6.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cairo-debugsource@1.15.12-6.el8?arch=x86_64" } } }, { "category": "product_version", "name": "cairo-debuginfo-0:1.15.12-6.el8.x86_64", "product": { "name": "cairo-debuginfo-0:1.15.12-6.el8.x86_64", "product_id": "cairo-debuginfo-0:1.15.12-6.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cairo-debuginfo@1.15.12-6.el8?arch=x86_64" } } }, { "category": "product_version", "name": "cairo-gobject-debuginfo-0:1.15.12-6.el8.x86_64", "product": { "name": "cairo-gobject-debuginfo-0:1.15.12-6.el8.x86_64", "product_id": "cairo-gobject-debuginfo-0:1.15.12-6.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cairo-gobject-debuginfo@1.15.12-6.el8?arch=x86_64" } } }, { "category": "product_version", "name": "cairo-tools-debuginfo-0:1.15.12-6.el8.x86_64", "product": { "name": "cairo-tools-debuginfo-0:1.15.12-6.el8.x86_64", "product_id": "cairo-tools-debuginfo-0:1.15.12-6.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cairo-tools-debuginfo@1.15.12-6.el8?arch=x86_64" } } }, { "category": "product_version", "name": "pixman-0:0.38.4-2.el8.x86_64", "product": { "name": "pixman-0:0.38.4-2.el8.x86_64", "product_id": "pixman-0:0.38.4-2.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/pixman@0.38.4-2.el8?arch=x86_64" } } }, { "category": "product_version", "name": "pixman-devel-0:0.38.4-2.el8.x86_64", "product": { "name": "pixman-devel-0:0.38.4-2.el8.x86_64", "product_id": "pixman-devel-0:0.38.4-2.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/pixman-devel@0.38.4-2.el8?arch=x86_64" } } }, { "category": "product_version", "name": "pixman-debugsource-0:0.38.4-2.el8.x86_64", "product": { "name": "pixman-debugsource-0:0.38.4-2.el8.x86_64", "product_id": "pixman-debugsource-0:0.38.4-2.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/pixman-debugsource@0.38.4-2.el8?arch=x86_64" } } }, { "category": "product_version", "name": "pixman-debuginfo-0:0.38.4-2.el8.x86_64", "product": { "name": "pixman-debuginfo-0:0.38.4-2.el8.x86_64", "product_id": "pixman-debuginfo-0:0.38.4-2.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/pixman-debuginfo@0.38.4-2.el8?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "cairo-0:1.15.12-6.el8.s390x", "product": { "name": "cairo-0:1.15.12-6.el8.s390x", "product_id": "cairo-0:1.15.12-6.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/cairo@1.15.12-6.el8?arch=s390x" } } }, { "category": "product_version", "name": "cairo-devel-0:1.15.12-6.el8.s390x", "product": { "name": "cairo-devel-0:1.15.12-6.el8.s390x", "product_id": "cairo-devel-0:1.15.12-6.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/cairo-devel@1.15.12-6.el8?arch=s390x" } } }, { "category": "product_version", "name": "cairo-gobject-0:1.15.12-6.el8.s390x", "product": { "name": "cairo-gobject-0:1.15.12-6.el8.s390x", "product_id": "cairo-gobject-0:1.15.12-6.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/cairo-gobject@1.15.12-6.el8?arch=s390x" } } }, { "category": "product_version", "name": "cairo-gobject-devel-0:1.15.12-6.el8.s390x", "product": { "name": "cairo-gobject-devel-0:1.15.12-6.el8.s390x", "product_id": "cairo-gobject-devel-0:1.15.12-6.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/cairo-gobject-devel@1.15.12-6.el8?arch=s390x" } } }, { "category": "product_version", "name": "cairo-debugsource-0:1.15.12-6.el8.s390x", "product": { "name": "cairo-debugsource-0:1.15.12-6.el8.s390x", "product_id": "cairo-debugsource-0:1.15.12-6.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/cairo-debugsource@1.15.12-6.el8?arch=s390x" } } }, { "category": "product_version", "name": "cairo-debuginfo-0:1.15.12-6.el8.s390x", "product": { "name": "cairo-debuginfo-0:1.15.12-6.el8.s390x", "product_id": "cairo-debuginfo-0:1.15.12-6.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/cairo-debuginfo@1.15.12-6.el8?arch=s390x" } } }, { "category": "product_version", "name": "cairo-gobject-debuginfo-0:1.15.12-6.el8.s390x", "product": { "name": "cairo-gobject-debuginfo-0:1.15.12-6.el8.s390x", "product_id": "cairo-gobject-debuginfo-0:1.15.12-6.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/cairo-gobject-debuginfo@1.15.12-6.el8?arch=s390x" } } }, { "category": "product_version", "name": "cairo-tools-debuginfo-0:1.15.12-6.el8.s390x", "product": { "name": "cairo-tools-debuginfo-0:1.15.12-6.el8.s390x", "product_id": "cairo-tools-debuginfo-0:1.15.12-6.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/cairo-tools-debuginfo@1.15.12-6.el8?arch=s390x" } } }, { "category": "product_version", "name": "pixman-0:0.38.4-2.el8.s390x", "product": { "name": "pixman-0:0.38.4-2.el8.s390x", "product_id": "pixman-0:0.38.4-2.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/pixman@0.38.4-2.el8?arch=s390x" } } }, { "category": "product_version", "name": "pixman-devel-0:0.38.4-2.el8.s390x", "product": { "name": "pixman-devel-0:0.38.4-2.el8.s390x", "product_id": "pixman-devel-0:0.38.4-2.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/pixman-devel@0.38.4-2.el8?arch=s390x" } } }, { "category": "product_version", "name": "pixman-debugsource-0:0.38.4-2.el8.s390x", "product": { "name": "pixman-debugsource-0:0.38.4-2.el8.s390x", "product_id": "pixman-debugsource-0:0.38.4-2.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/pixman-debugsource@0.38.4-2.el8?arch=s390x" } } }, { "category": "product_version", "name": "pixman-debuginfo-0:0.38.4-2.el8.s390x", "product": { "name": "pixman-debuginfo-0:0.38.4-2.el8.s390x", "product_id": "pixman-debuginfo-0:0.38.4-2.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/pixman-debuginfo@0.38.4-2.el8?arch=s390x" } } } ], "category": "architecture", "name": "s390x" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "cairo-0:1.15.12-6.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:cairo-0:1.15.12-6.el8.aarch64" }, "product_reference": "cairo-0:1.15.12-6.el8.aarch64", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "cairo-0:1.15.12-6.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:cairo-0:1.15.12-6.el8.i686" }, "product_reference": "cairo-0:1.15.12-6.el8.i686", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "cairo-0:1.15.12-6.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:cairo-0:1.15.12-6.el8.ppc64le" }, "product_reference": "cairo-0:1.15.12-6.el8.ppc64le", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "cairo-0:1.15.12-6.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:cairo-0:1.15.12-6.el8.s390x" }, "product_reference": "cairo-0:1.15.12-6.el8.s390x", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "cairo-0:1.15.12-6.el8.src as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:cairo-0:1.15.12-6.el8.src" }, "product_reference": "cairo-0:1.15.12-6.el8.src", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "cairo-0:1.15.12-6.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:cairo-0:1.15.12-6.el8.x86_64" }, "product_reference": "cairo-0:1.15.12-6.el8.x86_64", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "cairo-debuginfo-0:1.15.12-6.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:cairo-debuginfo-0:1.15.12-6.el8.aarch64" }, "product_reference": "cairo-debuginfo-0:1.15.12-6.el8.aarch64", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "cairo-debuginfo-0:1.15.12-6.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:cairo-debuginfo-0:1.15.12-6.el8.i686" }, "product_reference": "cairo-debuginfo-0:1.15.12-6.el8.i686", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "cairo-debuginfo-0:1.15.12-6.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:cairo-debuginfo-0:1.15.12-6.el8.ppc64le" }, "product_reference": "cairo-debuginfo-0:1.15.12-6.el8.ppc64le", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "cairo-debuginfo-0:1.15.12-6.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:cairo-debuginfo-0:1.15.12-6.el8.s390x" }, "product_reference": "cairo-debuginfo-0:1.15.12-6.el8.s390x", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "cairo-debuginfo-0:1.15.12-6.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:cairo-debuginfo-0:1.15.12-6.el8.x86_64" }, "product_reference": "cairo-debuginfo-0:1.15.12-6.el8.x86_64", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "cairo-debugsource-0:1.15.12-6.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:cairo-debugsource-0:1.15.12-6.el8.aarch64" }, "product_reference": "cairo-debugsource-0:1.15.12-6.el8.aarch64", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "cairo-debugsource-0:1.15.12-6.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:cairo-debugsource-0:1.15.12-6.el8.i686" }, "product_reference": "cairo-debugsource-0:1.15.12-6.el8.i686", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "cairo-debugsource-0:1.15.12-6.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:cairo-debugsource-0:1.15.12-6.el8.ppc64le" }, "product_reference": "cairo-debugsource-0:1.15.12-6.el8.ppc64le", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "cairo-debugsource-0:1.15.12-6.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:cairo-debugsource-0:1.15.12-6.el8.s390x" }, "product_reference": "cairo-debugsource-0:1.15.12-6.el8.s390x", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "cairo-debugsource-0:1.15.12-6.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:cairo-debugsource-0:1.15.12-6.el8.x86_64" }, "product_reference": "cairo-debugsource-0:1.15.12-6.el8.x86_64", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "cairo-devel-0:1.15.12-6.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:cairo-devel-0:1.15.12-6.el8.aarch64" }, "product_reference": "cairo-devel-0:1.15.12-6.el8.aarch64", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "cairo-devel-0:1.15.12-6.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:cairo-devel-0:1.15.12-6.el8.i686" }, "product_reference": "cairo-devel-0:1.15.12-6.el8.i686", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "cairo-devel-0:1.15.12-6.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:cairo-devel-0:1.15.12-6.el8.ppc64le" }, "product_reference": "cairo-devel-0:1.15.12-6.el8.ppc64le", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "cairo-devel-0:1.15.12-6.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:cairo-devel-0:1.15.12-6.el8.s390x" }, "product_reference": "cairo-devel-0:1.15.12-6.el8.s390x", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "cairo-devel-0:1.15.12-6.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:cairo-devel-0:1.15.12-6.el8.x86_64" }, "product_reference": "cairo-devel-0:1.15.12-6.el8.x86_64", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "cairo-gobject-0:1.15.12-6.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:cairo-gobject-0:1.15.12-6.el8.aarch64" }, "product_reference": "cairo-gobject-0:1.15.12-6.el8.aarch64", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "cairo-gobject-0:1.15.12-6.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:cairo-gobject-0:1.15.12-6.el8.i686" }, "product_reference": "cairo-gobject-0:1.15.12-6.el8.i686", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "cairo-gobject-0:1.15.12-6.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:cairo-gobject-0:1.15.12-6.el8.ppc64le" }, "product_reference": "cairo-gobject-0:1.15.12-6.el8.ppc64le", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "cairo-gobject-0:1.15.12-6.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:cairo-gobject-0:1.15.12-6.el8.s390x" }, "product_reference": "cairo-gobject-0:1.15.12-6.el8.s390x", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "cairo-gobject-0:1.15.12-6.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:cairo-gobject-0:1.15.12-6.el8.x86_64" }, "product_reference": "cairo-gobject-0:1.15.12-6.el8.x86_64", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "cairo-gobject-debuginfo-0:1.15.12-6.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:cairo-gobject-debuginfo-0:1.15.12-6.el8.aarch64" }, "product_reference": "cairo-gobject-debuginfo-0:1.15.12-6.el8.aarch64", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "cairo-gobject-debuginfo-0:1.15.12-6.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:cairo-gobject-debuginfo-0:1.15.12-6.el8.i686" }, "product_reference": "cairo-gobject-debuginfo-0:1.15.12-6.el8.i686", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "cairo-gobject-debuginfo-0:1.15.12-6.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:cairo-gobject-debuginfo-0:1.15.12-6.el8.ppc64le" }, "product_reference": "cairo-gobject-debuginfo-0:1.15.12-6.el8.ppc64le", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "cairo-gobject-debuginfo-0:1.15.12-6.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:cairo-gobject-debuginfo-0:1.15.12-6.el8.s390x" }, "product_reference": "cairo-gobject-debuginfo-0:1.15.12-6.el8.s390x", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "cairo-gobject-debuginfo-0:1.15.12-6.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:cairo-gobject-debuginfo-0:1.15.12-6.el8.x86_64" }, "product_reference": "cairo-gobject-debuginfo-0:1.15.12-6.el8.x86_64", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "cairo-gobject-devel-0:1.15.12-6.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:cairo-gobject-devel-0:1.15.12-6.el8.aarch64" }, "product_reference": "cairo-gobject-devel-0:1.15.12-6.el8.aarch64", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "cairo-gobject-devel-0:1.15.12-6.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:cairo-gobject-devel-0:1.15.12-6.el8.i686" }, "product_reference": "cairo-gobject-devel-0:1.15.12-6.el8.i686", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "cairo-gobject-devel-0:1.15.12-6.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:cairo-gobject-devel-0:1.15.12-6.el8.ppc64le" }, "product_reference": "cairo-gobject-devel-0:1.15.12-6.el8.ppc64le", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "cairo-gobject-devel-0:1.15.12-6.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:cairo-gobject-devel-0:1.15.12-6.el8.s390x" }, "product_reference": "cairo-gobject-devel-0:1.15.12-6.el8.s390x", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "cairo-gobject-devel-0:1.15.12-6.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:cairo-gobject-devel-0:1.15.12-6.el8.x86_64" }, "product_reference": "cairo-gobject-devel-0:1.15.12-6.el8.x86_64", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "cairo-tools-debuginfo-0:1.15.12-6.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:cairo-tools-debuginfo-0:1.15.12-6.el8.aarch64" }, "product_reference": "cairo-tools-debuginfo-0:1.15.12-6.el8.aarch64", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "cairo-tools-debuginfo-0:1.15.12-6.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:cairo-tools-debuginfo-0:1.15.12-6.el8.i686" }, "product_reference": "cairo-tools-debuginfo-0:1.15.12-6.el8.i686", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "cairo-tools-debuginfo-0:1.15.12-6.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:cairo-tools-debuginfo-0:1.15.12-6.el8.ppc64le" }, "product_reference": "cairo-tools-debuginfo-0:1.15.12-6.el8.ppc64le", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "cairo-tools-debuginfo-0:1.15.12-6.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:cairo-tools-debuginfo-0:1.15.12-6.el8.s390x" }, "product_reference": "cairo-tools-debuginfo-0:1.15.12-6.el8.s390x", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "cairo-tools-debuginfo-0:1.15.12-6.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:cairo-tools-debuginfo-0:1.15.12-6.el8.x86_64" }, "product_reference": "cairo-tools-debuginfo-0:1.15.12-6.el8.x86_64", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pixman-0:0.38.4-2.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:pixman-0:0.38.4-2.el8.aarch64" }, "product_reference": "pixman-0:0.38.4-2.el8.aarch64", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pixman-0:0.38.4-2.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:pixman-0:0.38.4-2.el8.i686" }, "product_reference": "pixman-0:0.38.4-2.el8.i686", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pixman-0:0.38.4-2.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:pixman-0:0.38.4-2.el8.ppc64le" }, "product_reference": "pixman-0:0.38.4-2.el8.ppc64le", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pixman-0:0.38.4-2.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:pixman-0:0.38.4-2.el8.s390x" }, "product_reference": "pixman-0:0.38.4-2.el8.s390x", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pixman-0:0.38.4-2.el8.src as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:pixman-0:0.38.4-2.el8.src" }, "product_reference": "pixman-0:0.38.4-2.el8.src", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pixman-0:0.38.4-2.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:pixman-0:0.38.4-2.el8.x86_64" }, "product_reference": "pixman-0:0.38.4-2.el8.x86_64", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pixman-debuginfo-0:0.38.4-2.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:pixman-debuginfo-0:0.38.4-2.el8.aarch64" }, "product_reference": "pixman-debuginfo-0:0.38.4-2.el8.aarch64", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pixman-debuginfo-0:0.38.4-2.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:pixman-debuginfo-0:0.38.4-2.el8.i686" }, "product_reference": "pixman-debuginfo-0:0.38.4-2.el8.i686", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pixman-debuginfo-0:0.38.4-2.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:pixman-debuginfo-0:0.38.4-2.el8.ppc64le" }, "product_reference": "pixman-debuginfo-0:0.38.4-2.el8.ppc64le", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pixman-debuginfo-0:0.38.4-2.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:pixman-debuginfo-0:0.38.4-2.el8.s390x" }, "product_reference": "pixman-debuginfo-0:0.38.4-2.el8.s390x", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pixman-debuginfo-0:0.38.4-2.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:pixman-debuginfo-0:0.38.4-2.el8.x86_64" }, "product_reference": "pixman-debuginfo-0:0.38.4-2.el8.x86_64", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pixman-debugsource-0:0.38.4-2.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:pixman-debugsource-0:0.38.4-2.el8.aarch64" }, "product_reference": "pixman-debugsource-0:0.38.4-2.el8.aarch64", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pixman-debugsource-0:0.38.4-2.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:pixman-debugsource-0:0.38.4-2.el8.i686" }, "product_reference": "pixman-debugsource-0:0.38.4-2.el8.i686", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pixman-debugsource-0:0.38.4-2.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:pixman-debugsource-0:0.38.4-2.el8.ppc64le" }, "product_reference": "pixman-debugsource-0:0.38.4-2.el8.ppc64le", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pixman-debugsource-0:0.38.4-2.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:pixman-debugsource-0:0.38.4-2.el8.s390x" }, "product_reference": "pixman-debugsource-0:0.38.4-2.el8.s390x", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pixman-debugsource-0:0.38.4-2.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:pixman-debugsource-0:0.38.4-2.el8.x86_64" }, "product_reference": "pixman-debugsource-0:0.38.4-2.el8.x86_64", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pixman-devel-0:0.38.4-2.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:pixman-devel-0:0.38.4-2.el8.aarch64" }, "product_reference": "pixman-devel-0:0.38.4-2.el8.aarch64", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pixman-devel-0:0.38.4-2.el8.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:pixman-devel-0:0.38.4-2.el8.i686" }, "product_reference": "pixman-devel-0:0.38.4-2.el8.i686", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pixman-devel-0:0.38.4-2.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:pixman-devel-0:0.38.4-2.el8.ppc64le" }, "product_reference": "pixman-devel-0:0.38.4-2.el8.ppc64le", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pixman-devel-0:0.38.4-2.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:pixman-devel-0:0.38.4-2.el8.s390x" }, "product_reference": "pixman-devel-0:0.38.4-2.el8.s390x", "relates_to_product_reference": "AppStream-8.6.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pixman-devel-0:0.38.4-2.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.GA:pixman-devel-0:0.38.4-2.el8.x86_64" }, "product_reference": "pixman-devel-0:0.38.4-2.el8.x86_64", "relates_to_product_reference": "AppStream-8.6.0.GA" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Stephan Bergmann" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2020-35492", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2020-11-16T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "AppStream-8.6.0.GA:pixman-0:0.38.4-2.el8.aarch64", "AppStream-8.6.0.GA:pixman-0:0.38.4-2.el8.i686", "AppStream-8.6.0.GA:pixman-0:0.38.4-2.el8.ppc64le", "AppStream-8.6.0.GA:pixman-0:0.38.4-2.el8.s390x", "AppStream-8.6.0.GA:pixman-0:0.38.4-2.el8.src", "AppStream-8.6.0.GA:pixman-0:0.38.4-2.el8.x86_64", "AppStream-8.6.0.GA:pixman-debuginfo-0:0.38.4-2.el8.aarch64", "AppStream-8.6.0.GA:pixman-debuginfo-0:0.38.4-2.el8.i686", "AppStream-8.6.0.GA:pixman-debuginfo-0:0.38.4-2.el8.ppc64le", "AppStream-8.6.0.GA:pixman-debuginfo-0:0.38.4-2.el8.s390x", "AppStream-8.6.0.GA:pixman-debuginfo-0:0.38.4-2.el8.x86_64", "AppStream-8.6.0.GA:pixman-debugsource-0:0.38.4-2.el8.aarch64", "AppStream-8.6.0.GA:pixman-debugsource-0:0.38.4-2.el8.i686", "AppStream-8.6.0.GA:pixman-debugsource-0:0.38.4-2.el8.ppc64le", "AppStream-8.6.0.GA:pixman-debugsource-0:0.38.4-2.el8.s390x", "AppStream-8.6.0.GA:pixman-debugsource-0:0.38.4-2.el8.x86_64", "AppStream-8.6.0.GA:pixman-devel-0:0.38.4-2.el8.aarch64", "AppStream-8.6.0.GA:pixman-devel-0:0.38.4-2.el8.i686", "AppStream-8.6.0.GA:pixman-devel-0:0.38.4-2.el8.ppc64le", "AppStream-8.6.0.GA:pixman-devel-0:0.38.4-2.el8.s390x", "AppStream-8.6.0.GA:pixman-devel-0:0.38.4-2.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1898396" } ], "notes": [ { "category": "description", "text": "A flaw was found in cairo\u0027s image-compositor.c. This flaw allows an attacker who can provide a crafted input file to cairo\u0027s image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -\u003e out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "cairo: libreoffice slideshow aborts with stack smashing in cairo\u0027s composite_boxes", "title": "Vulnerability summary" }, { "category": "other", "text": "Libreoffice as shipped in Red Hat Enterprise Linux 6, 7, and 8 is not affected by this flaw as it was introduced in a newer version. Also note that while the flaw was originally discovered via Libreoffice, the root cause is in the cairo graphics library. This flaw has an adjusted CVSS score for cairo as shipped with Red Hat Enterprise Linux 8 because cairo is built with binary protections which limit the impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.6.0.GA:cairo-0:1.15.12-6.el8.aarch64", "AppStream-8.6.0.GA:cairo-0:1.15.12-6.el8.i686", "AppStream-8.6.0.GA:cairo-0:1.15.12-6.el8.ppc64le", "AppStream-8.6.0.GA:cairo-0:1.15.12-6.el8.s390x", "AppStream-8.6.0.GA:cairo-0:1.15.12-6.el8.src", "AppStream-8.6.0.GA:cairo-0:1.15.12-6.el8.x86_64", "AppStream-8.6.0.GA:cairo-debuginfo-0:1.15.12-6.el8.aarch64", "AppStream-8.6.0.GA:cairo-debuginfo-0:1.15.12-6.el8.i686", "AppStream-8.6.0.GA:cairo-debuginfo-0:1.15.12-6.el8.ppc64le", "AppStream-8.6.0.GA:cairo-debuginfo-0:1.15.12-6.el8.s390x", "AppStream-8.6.0.GA:cairo-debuginfo-0:1.15.12-6.el8.x86_64", "AppStream-8.6.0.GA:cairo-debugsource-0:1.15.12-6.el8.aarch64", "AppStream-8.6.0.GA:cairo-debugsource-0:1.15.12-6.el8.i686", "AppStream-8.6.0.GA:cairo-debugsource-0:1.15.12-6.el8.ppc64le", "AppStream-8.6.0.GA:cairo-debugsource-0:1.15.12-6.el8.s390x", "AppStream-8.6.0.GA:cairo-debugsource-0:1.15.12-6.el8.x86_64", "AppStream-8.6.0.GA:cairo-devel-0:1.15.12-6.el8.aarch64", "AppStream-8.6.0.GA:cairo-devel-0:1.15.12-6.el8.i686", "AppStream-8.6.0.GA:cairo-devel-0:1.15.12-6.el8.ppc64le", "AppStream-8.6.0.GA:cairo-devel-0:1.15.12-6.el8.s390x", "AppStream-8.6.0.GA:cairo-devel-0:1.15.12-6.el8.x86_64", "AppStream-8.6.0.GA:cairo-gobject-0:1.15.12-6.el8.aarch64", "AppStream-8.6.0.GA:cairo-gobject-0:1.15.12-6.el8.i686", "AppStream-8.6.0.GA:cairo-gobject-0:1.15.12-6.el8.ppc64le", "AppStream-8.6.0.GA:cairo-gobject-0:1.15.12-6.el8.s390x", "AppStream-8.6.0.GA:cairo-gobject-0:1.15.12-6.el8.x86_64", "AppStream-8.6.0.GA:cairo-gobject-debuginfo-0:1.15.12-6.el8.aarch64", "AppStream-8.6.0.GA:cairo-gobject-debuginfo-0:1.15.12-6.el8.i686", "AppStream-8.6.0.GA:cairo-gobject-debuginfo-0:1.15.12-6.el8.ppc64le", "AppStream-8.6.0.GA:cairo-gobject-debuginfo-0:1.15.12-6.el8.s390x", "AppStream-8.6.0.GA:cairo-gobject-debuginfo-0:1.15.12-6.el8.x86_64", "AppStream-8.6.0.GA:cairo-gobject-devel-0:1.15.12-6.el8.aarch64", "AppStream-8.6.0.GA:cairo-gobject-devel-0:1.15.12-6.el8.i686", "AppStream-8.6.0.GA:cairo-gobject-devel-0:1.15.12-6.el8.ppc64le", "AppStream-8.6.0.GA:cairo-gobject-devel-0:1.15.12-6.el8.s390x", "AppStream-8.6.0.GA:cairo-gobject-devel-0:1.15.12-6.el8.x86_64", "AppStream-8.6.0.GA:cairo-tools-debuginfo-0:1.15.12-6.el8.aarch64", "AppStream-8.6.0.GA:cairo-tools-debuginfo-0:1.15.12-6.el8.i686", "AppStream-8.6.0.GA:cairo-tools-debuginfo-0:1.15.12-6.el8.ppc64le", "AppStream-8.6.0.GA:cairo-tools-debuginfo-0:1.15.12-6.el8.s390x", "AppStream-8.6.0.GA:cairo-tools-debuginfo-0:1.15.12-6.el8.x86_64" ], "known_not_affected": [ "AppStream-8.6.0.GA:pixman-0:0.38.4-2.el8.aarch64", "AppStream-8.6.0.GA:pixman-0:0.38.4-2.el8.i686", "AppStream-8.6.0.GA:pixman-0:0.38.4-2.el8.ppc64le", "AppStream-8.6.0.GA:pixman-0:0.38.4-2.el8.s390x", "AppStream-8.6.0.GA:pixman-0:0.38.4-2.el8.src", "AppStream-8.6.0.GA:pixman-0:0.38.4-2.el8.x86_64", "AppStream-8.6.0.GA:pixman-debuginfo-0:0.38.4-2.el8.aarch64", "AppStream-8.6.0.GA:pixman-debuginfo-0:0.38.4-2.el8.i686", "AppStream-8.6.0.GA:pixman-debuginfo-0:0.38.4-2.el8.ppc64le", "AppStream-8.6.0.GA:pixman-debuginfo-0:0.38.4-2.el8.s390x", "AppStream-8.6.0.GA:pixman-debuginfo-0:0.38.4-2.el8.x86_64", "AppStream-8.6.0.GA:pixman-debugsource-0:0.38.4-2.el8.aarch64", "AppStream-8.6.0.GA:pixman-debugsource-0:0.38.4-2.el8.i686", "AppStream-8.6.0.GA:pixman-debugsource-0:0.38.4-2.el8.ppc64le", "AppStream-8.6.0.GA:pixman-debugsource-0:0.38.4-2.el8.s390x", "AppStream-8.6.0.GA:pixman-debugsource-0:0.38.4-2.el8.x86_64", "AppStream-8.6.0.GA:pixman-devel-0:0.38.4-2.el8.aarch64", "AppStream-8.6.0.GA:pixman-devel-0:0.38.4-2.el8.i686", "AppStream-8.6.0.GA:pixman-devel-0:0.38.4-2.el8.ppc64le", "AppStream-8.6.0.GA:pixman-devel-0:0.38.4-2.el8.s390x", "AppStream-8.6.0.GA:pixman-devel-0:0.38.4-2.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-35492" }, { "category": "external", "summary": "RHBZ#1898396", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898396" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-35492", "url": "https://www.cve.org/CVERecord?id=CVE-2020-35492" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-35492", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35492" } ], "release_date": "2020-12-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-05-10T14:11:28+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.6.0.GA:cairo-0:1.15.12-6.el8.aarch64", "AppStream-8.6.0.GA:cairo-0:1.15.12-6.el8.i686", "AppStream-8.6.0.GA:cairo-0:1.15.12-6.el8.ppc64le", "AppStream-8.6.0.GA:cairo-0:1.15.12-6.el8.s390x", "AppStream-8.6.0.GA:cairo-0:1.15.12-6.el8.src", "AppStream-8.6.0.GA:cairo-0:1.15.12-6.el8.x86_64", "AppStream-8.6.0.GA:cairo-debuginfo-0:1.15.12-6.el8.aarch64", "AppStream-8.6.0.GA:cairo-debuginfo-0:1.15.12-6.el8.i686", "AppStream-8.6.0.GA:cairo-debuginfo-0:1.15.12-6.el8.ppc64le", "AppStream-8.6.0.GA:cairo-debuginfo-0:1.15.12-6.el8.s390x", "AppStream-8.6.0.GA:cairo-debuginfo-0:1.15.12-6.el8.x86_64", "AppStream-8.6.0.GA:cairo-debugsource-0:1.15.12-6.el8.aarch64", "AppStream-8.6.0.GA:cairo-debugsource-0:1.15.12-6.el8.i686", "AppStream-8.6.0.GA:cairo-debugsource-0:1.15.12-6.el8.ppc64le", "AppStream-8.6.0.GA:cairo-debugsource-0:1.15.12-6.el8.s390x", "AppStream-8.6.0.GA:cairo-debugsource-0:1.15.12-6.el8.x86_64", "AppStream-8.6.0.GA:cairo-devel-0:1.15.12-6.el8.aarch64", "AppStream-8.6.0.GA:cairo-devel-0:1.15.12-6.el8.i686", "AppStream-8.6.0.GA:cairo-devel-0:1.15.12-6.el8.ppc64le", "AppStream-8.6.0.GA:cairo-devel-0:1.15.12-6.el8.s390x", "AppStream-8.6.0.GA:cairo-devel-0:1.15.12-6.el8.x86_64", "AppStream-8.6.0.GA:cairo-gobject-0:1.15.12-6.el8.aarch64", "AppStream-8.6.0.GA:cairo-gobject-0:1.15.12-6.el8.i686", "AppStream-8.6.0.GA:cairo-gobject-0:1.15.12-6.el8.ppc64le", "AppStream-8.6.0.GA:cairo-gobject-0:1.15.12-6.el8.s390x", "AppStream-8.6.0.GA:cairo-gobject-0:1.15.12-6.el8.x86_64", "AppStream-8.6.0.GA:cairo-gobject-debuginfo-0:1.15.12-6.el8.aarch64", "AppStream-8.6.0.GA:cairo-gobject-debuginfo-0:1.15.12-6.el8.i686", "AppStream-8.6.0.GA:cairo-gobject-debuginfo-0:1.15.12-6.el8.ppc64le", "AppStream-8.6.0.GA:cairo-gobject-debuginfo-0:1.15.12-6.el8.s390x", "AppStream-8.6.0.GA:cairo-gobject-debuginfo-0:1.15.12-6.el8.x86_64", "AppStream-8.6.0.GA:cairo-gobject-devel-0:1.15.12-6.el8.aarch64", "AppStream-8.6.0.GA:cairo-gobject-devel-0:1.15.12-6.el8.i686", "AppStream-8.6.0.GA:cairo-gobject-devel-0:1.15.12-6.el8.ppc64le", "AppStream-8.6.0.GA:cairo-gobject-devel-0:1.15.12-6.el8.s390x", "AppStream-8.6.0.GA:cairo-gobject-devel-0:1.15.12-6.el8.x86_64", "AppStream-8.6.0.GA:cairo-tools-debuginfo-0:1.15.12-6.el8.aarch64", "AppStream-8.6.0.GA:cairo-tools-debuginfo-0:1.15.12-6.el8.i686", "AppStream-8.6.0.GA:cairo-tools-debuginfo-0:1.15.12-6.el8.ppc64le", "AppStream-8.6.0.GA:cairo-tools-debuginfo-0:1.15.12-6.el8.s390x", "AppStream-8.6.0.GA:cairo-tools-debuginfo-0:1.15.12-6.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1961" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "AppStream-8.6.0.GA:cairo-0:1.15.12-6.el8.aarch64", "AppStream-8.6.0.GA:cairo-0:1.15.12-6.el8.i686", "AppStream-8.6.0.GA:cairo-0:1.15.12-6.el8.ppc64le", "AppStream-8.6.0.GA:cairo-0:1.15.12-6.el8.s390x", "AppStream-8.6.0.GA:cairo-0:1.15.12-6.el8.src", "AppStream-8.6.0.GA:cairo-0:1.15.12-6.el8.x86_64", "AppStream-8.6.0.GA:cairo-debuginfo-0:1.15.12-6.el8.aarch64", "AppStream-8.6.0.GA:cairo-debuginfo-0:1.15.12-6.el8.i686", "AppStream-8.6.0.GA:cairo-debuginfo-0:1.15.12-6.el8.ppc64le", "AppStream-8.6.0.GA:cairo-debuginfo-0:1.15.12-6.el8.s390x", "AppStream-8.6.0.GA:cairo-debuginfo-0:1.15.12-6.el8.x86_64", "AppStream-8.6.0.GA:cairo-debugsource-0:1.15.12-6.el8.aarch64", "AppStream-8.6.0.GA:cairo-debugsource-0:1.15.12-6.el8.i686", "AppStream-8.6.0.GA:cairo-debugsource-0:1.15.12-6.el8.ppc64le", "AppStream-8.6.0.GA:cairo-debugsource-0:1.15.12-6.el8.s390x", "AppStream-8.6.0.GA:cairo-debugsource-0:1.15.12-6.el8.x86_64", "AppStream-8.6.0.GA:cairo-devel-0:1.15.12-6.el8.aarch64", "AppStream-8.6.0.GA:cairo-devel-0:1.15.12-6.el8.i686", "AppStream-8.6.0.GA:cairo-devel-0:1.15.12-6.el8.ppc64le", "AppStream-8.6.0.GA:cairo-devel-0:1.15.12-6.el8.s390x", "AppStream-8.6.0.GA:cairo-devel-0:1.15.12-6.el8.x86_64", "AppStream-8.6.0.GA:cairo-gobject-0:1.15.12-6.el8.aarch64", "AppStream-8.6.0.GA:cairo-gobject-0:1.15.12-6.el8.i686", "AppStream-8.6.0.GA:cairo-gobject-0:1.15.12-6.el8.ppc64le", "AppStream-8.6.0.GA:cairo-gobject-0:1.15.12-6.el8.s390x", "AppStream-8.6.0.GA:cairo-gobject-0:1.15.12-6.el8.x86_64", "AppStream-8.6.0.GA:cairo-gobject-debuginfo-0:1.15.12-6.el8.aarch64", "AppStream-8.6.0.GA:cairo-gobject-debuginfo-0:1.15.12-6.el8.i686", "AppStream-8.6.0.GA:cairo-gobject-debuginfo-0:1.15.12-6.el8.ppc64le", "AppStream-8.6.0.GA:cairo-gobject-debuginfo-0:1.15.12-6.el8.s390x", "AppStream-8.6.0.GA:cairo-gobject-debuginfo-0:1.15.12-6.el8.x86_64", "AppStream-8.6.0.GA:cairo-gobject-devel-0:1.15.12-6.el8.aarch64", "AppStream-8.6.0.GA:cairo-gobject-devel-0:1.15.12-6.el8.i686", "AppStream-8.6.0.GA:cairo-gobject-devel-0:1.15.12-6.el8.ppc64le", "AppStream-8.6.0.GA:cairo-gobject-devel-0:1.15.12-6.el8.s390x", "AppStream-8.6.0.GA:cairo-gobject-devel-0:1.15.12-6.el8.x86_64", "AppStream-8.6.0.GA:cairo-tools-debuginfo-0:1.15.12-6.el8.aarch64", "AppStream-8.6.0.GA:cairo-tools-debuginfo-0:1.15.12-6.el8.i686", "AppStream-8.6.0.GA:cairo-tools-debuginfo-0:1.15.12-6.el8.ppc64le", "AppStream-8.6.0.GA:cairo-tools-debuginfo-0:1.15.12-6.el8.s390x", "AppStream-8.6.0.GA:cairo-tools-debuginfo-0:1.15.12-6.el8.x86_64", "AppStream-8.6.0.GA:pixman-0:0.38.4-2.el8.aarch64", "AppStream-8.6.0.GA:pixman-0:0.38.4-2.el8.i686", "AppStream-8.6.0.GA:pixman-0:0.38.4-2.el8.ppc64le", "AppStream-8.6.0.GA:pixman-0:0.38.4-2.el8.s390x", "AppStream-8.6.0.GA:pixman-0:0.38.4-2.el8.src", "AppStream-8.6.0.GA:pixman-0:0.38.4-2.el8.x86_64", "AppStream-8.6.0.GA:pixman-debuginfo-0:0.38.4-2.el8.aarch64", "AppStream-8.6.0.GA:pixman-debuginfo-0:0.38.4-2.el8.i686", "AppStream-8.6.0.GA:pixman-debuginfo-0:0.38.4-2.el8.ppc64le", "AppStream-8.6.0.GA:pixman-debuginfo-0:0.38.4-2.el8.s390x", "AppStream-8.6.0.GA:pixman-debuginfo-0:0.38.4-2.el8.x86_64", "AppStream-8.6.0.GA:pixman-debugsource-0:0.38.4-2.el8.aarch64", "AppStream-8.6.0.GA:pixman-debugsource-0:0.38.4-2.el8.i686", "AppStream-8.6.0.GA:pixman-debugsource-0:0.38.4-2.el8.ppc64le", "AppStream-8.6.0.GA:pixman-debugsource-0:0.38.4-2.el8.s390x", "AppStream-8.6.0.GA:pixman-debugsource-0:0.38.4-2.el8.x86_64", "AppStream-8.6.0.GA:pixman-devel-0:0.38.4-2.el8.aarch64", "AppStream-8.6.0.GA:pixman-devel-0:0.38.4-2.el8.i686", "AppStream-8.6.0.GA:pixman-devel-0:0.38.4-2.el8.ppc64le", "AppStream-8.6.0.GA:pixman-devel-0:0.38.4-2.el8.s390x", "AppStream-8.6.0.GA:pixman-devel-0:0.38.4-2.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AppStream-8.6.0.GA:cairo-0:1.15.12-6.el8.aarch64", "AppStream-8.6.0.GA:cairo-0:1.15.12-6.el8.i686", "AppStream-8.6.0.GA:cairo-0:1.15.12-6.el8.ppc64le", "AppStream-8.6.0.GA:cairo-0:1.15.12-6.el8.s390x", "AppStream-8.6.0.GA:cairo-0:1.15.12-6.el8.src", "AppStream-8.6.0.GA:cairo-0:1.15.12-6.el8.x86_64", "AppStream-8.6.0.GA:cairo-debuginfo-0:1.15.12-6.el8.aarch64", "AppStream-8.6.0.GA:cairo-debuginfo-0:1.15.12-6.el8.i686", "AppStream-8.6.0.GA:cairo-debuginfo-0:1.15.12-6.el8.ppc64le", "AppStream-8.6.0.GA:cairo-debuginfo-0:1.15.12-6.el8.s390x", "AppStream-8.6.0.GA:cairo-debuginfo-0:1.15.12-6.el8.x86_64", "AppStream-8.6.0.GA:cairo-debugsource-0:1.15.12-6.el8.aarch64", "AppStream-8.6.0.GA:cairo-debugsource-0:1.15.12-6.el8.i686", "AppStream-8.6.0.GA:cairo-debugsource-0:1.15.12-6.el8.ppc64le", "AppStream-8.6.0.GA:cairo-debugsource-0:1.15.12-6.el8.s390x", "AppStream-8.6.0.GA:cairo-debugsource-0:1.15.12-6.el8.x86_64", "AppStream-8.6.0.GA:cairo-devel-0:1.15.12-6.el8.aarch64", "AppStream-8.6.0.GA:cairo-devel-0:1.15.12-6.el8.i686", "AppStream-8.6.0.GA:cairo-devel-0:1.15.12-6.el8.ppc64le", "AppStream-8.6.0.GA:cairo-devel-0:1.15.12-6.el8.s390x", "AppStream-8.6.0.GA:cairo-devel-0:1.15.12-6.el8.x86_64", "AppStream-8.6.0.GA:cairo-gobject-0:1.15.12-6.el8.aarch64", "AppStream-8.6.0.GA:cairo-gobject-0:1.15.12-6.el8.i686", "AppStream-8.6.0.GA:cairo-gobject-0:1.15.12-6.el8.ppc64le", "AppStream-8.6.0.GA:cairo-gobject-0:1.15.12-6.el8.s390x", "AppStream-8.6.0.GA:cairo-gobject-0:1.15.12-6.el8.x86_64", "AppStream-8.6.0.GA:cairo-gobject-debuginfo-0:1.15.12-6.el8.aarch64", "AppStream-8.6.0.GA:cairo-gobject-debuginfo-0:1.15.12-6.el8.i686", "AppStream-8.6.0.GA:cairo-gobject-debuginfo-0:1.15.12-6.el8.ppc64le", "AppStream-8.6.0.GA:cairo-gobject-debuginfo-0:1.15.12-6.el8.s390x", "AppStream-8.6.0.GA:cairo-gobject-debuginfo-0:1.15.12-6.el8.x86_64", "AppStream-8.6.0.GA:cairo-gobject-devel-0:1.15.12-6.el8.aarch64", "AppStream-8.6.0.GA:cairo-gobject-devel-0:1.15.12-6.el8.i686", "AppStream-8.6.0.GA:cairo-gobject-devel-0:1.15.12-6.el8.ppc64le", "AppStream-8.6.0.GA:cairo-gobject-devel-0:1.15.12-6.el8.s390x", "AppStream-8.6.0.GA:cairo-gobject-devel-0:1.15.12-6.el8.x86_64", "AppStream-8.6.0.GA:cairo-tools-debuginfo-0:1.15.12-6.el8.aarch64", "AppStream-8.6.0.GA:cairo-tools-debuginfo-0:1.15.12-6.el8.i686", "AppStream-8.6.0.GA:cairo-tools-debuginfo-0:1.15.12-6.el8.ppc64le", "AppStream-8.6.0.GA:cairo-tools-debuginfo-0:1.15.12-6.el8.s390x", "AppStream-8.6.0.GA:cairo-tools-debuginfo-0:1.15.12-6.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "cairo: libreoffice slideshow aborts with stack smashing in cairo\u0027s composite_boxes" } ] }
gsd-2020-35492
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -> out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2020-35492", "description": "A flaw was found in cairo\u0027s image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo\u0027s image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -\u003e out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability.", "id": "GSD-2020-35492", "references": [ "https://www.suse.com/security/cve/CVE-2020-35492.html", "https://advisories.mageia.org/CVE-2020-35492.html", "https://security.archlinux.org/CVE-2020-35492", "https://linux.oracle.com/cve/CVE-2020-35492.html", "https://access.redhat.com/errata/RHSA-2022:1961", "https://ubuntu.com/security/CVE-2020-35492" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2020-35492" ], "details": "A flaw was found in cairo\u0027s image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo\u0027s image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -\u003e out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability.", "id": "GSD-2020-35492", "modified": "2023-12-13T01:22:00.733228Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-35492", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "cairo", "version": { "version_data": [ { "version_affected": "=", "version_value": "All cairo versions" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A flaw was found in cairo\u0027s image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo\u0027s image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -\u003e out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "cweId": "CWE-121", "lang": "eng", "value": "CWE-121" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1898396", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898396" }, { "name": "https://security.gentoo.org/glsa/202305-21", "refsource": "MISC", "url": "https://security.gentoo.org/glsa/202305-21" } ] } }, "gitlab.com": { "advisories": [ { "affected_range": "\u003c1.17.4", "affected_versions": "All versions before 1.17.4", "cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "cvss_v3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cwe_ids": [ "CWE-1035", "CWE-121", "CWE-937" ], "date": "2021-03-25", "description": "A flaw was found in cairo\u0027s `image-compositor.c` in all This flaw allows an attacker who can provide a crafted input file to cairo\u0027s image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow.", "fixed_versions": [ "1.17.4" ], "identifier": "CVE-2020-35492", "identifiers": [ "CVE-2020-35492" ], "not_impacted": "All versions starting from 1.17.4", "package_slug": "conan/cairo", "pubdate": "2021-03-18", "solution": "Upgrade to version 1.17.4 or above.", "title": "Stack-based Buffer Overflow", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2020-35492", "https://bugzilla.redhat.com/show_bug.cgi?id=1898396" ], "uuid": "42b9e0a6-7fd5-4df8-8dcc-bfab3685b981" } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:cairographics:cairo:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.17.4", "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-35492" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "A flaw was found in cairo\u0027s image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo\u0027s image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -\u003e out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-787" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1898396", "refsource": "MISC", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898396" }, { "name": "https://security.gentoo.org/glsa/202305-21", "refsource": "MISC", "tags": [], "url": "https://security.gentoo.org/glsa/202305-21" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9 } }, "lastModifiedDate": "2023-05-03T12:15Z", "publishedDate": "2021-03-18T19:15Z" } } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.