CVE-2020-35492

N/A

A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -> out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability.

N/A

栈缓冲区溢出

cairo 缓冲区错误漏洞

cairo是cairo开源的一个让用于提供矢量图形绘图的自由库。提供在多个背景下做二维空间的绘图，高级的更可以使用硬件加速功能。 cairo 1.17.4之前版本存在缓冲区错误漏洞，攻击者利用该漏洞通过特制文件导致堆栈缓冲区溢出，从而越界写入。

N/A

N/A