Cairo up to 1.15.14 WebKitGTK+ cairo-rectangular-scan-converter.c _cairo_image_spans_and_zero memory corruption


A vulnerability classified as critical was found in Cairo up to 1.15.14. Affected by this vulnerability is the function _cairo_image_spans_and_zero of the file cairo-rectangular-scan-converter.c of the component WebKitGTK+. No information about possible countermeasures is known. It may be suggested to replace the affected object with an alternative product.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

[Timeline charts: User, Field, Commit Conf, Approve Conf]

| ID | Committed | User | Field | Change | Remarks | Moderated | Reason | C |
|---|---|---|---|---|---|---|---|---|
| 8363745 | 03/31/2020 | VulD... | discoverydate | 1538956800 | | 03/31/2020 | accepted | 100 |
| 8363796 | 10/09/2018 | VulD... | cvss3_nvd_basescore | 6.5 | nist.gov | 10/09/2018 | accepted | 90 |
| 8363795 | 10/09/2018 | VulD... | cvss3_vuldb_rc | X | | 10/09/2018 | accepted | 90 |
| 8363794 | 10/09/2018 | VulD... | cvss3_vuldb_rl | X | | 10/09/2018 | accepted | 90 |
| 8363793 | 10/09/2018 | VulD... | cvss3_vuldb_e | X | | 10/09/2018 | accepted | 90 |
| 8363792 | 10/09/2018 | VulD... | cvss2_vuldb_rc | ND | | 10/09/2018 | accepted | 90 |
| 8363791 | 10/09/2018 | VulD... | cvss2_vuldb_rl | ND | | 10/09/2018 | accepted | 90 |
| 8363790 | 10/09/2018 | VulD... | cvss2_vuldb_e | ND | | 10/09/2018 | accepted | 90 |
| 8363789 | 10/09/2018 | VulD... | location | Website | | 10/09/2018 | accepted | 90 |
| 8363788 | 10/09/2018 | VulD... | cve_nvd_summary | cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c (the generate and render_rows functions) and cairo-image-compositor.c (the _cairo_image_spans_and_zero function). | mitre.org | 10/09/2018 | accepted | 100 |
| 8363787 | 10/09/2018 | VulD... | cve_nvd_published | 1538956800 | mitre.org | 10/09/2018 | accepted | 100 |
| 8363786 | 10/09/2018 | VulD... | cve_assigned | 1538949600 | mitre.org | 10/09/2018 | accepted | 100 |
| 8363785 | 10/09/2018 | VulD... | cve | CVE-2018-18064 | mitre.org | 10/09/2018 | accepted | 100 |
| 8363784 | 10/09/2018 | VulD... | price_0day | $0-$5k | see documentation | 10/09/2018 | accepted | 100 |
| 8363783 | 10/09/2018 | VulD... | url | https://gitlab.freedesktop.org/cairo/cairo/issues/341 | gitlab.freedesktop.org | 10/09/2018 | accepted | 100 |
| 8363782 | 10/09/2018 | VulD... | date | 1538949600 (10/08/2018) | | 10/09/2018 | accepted | 100 |
| 8363781 | 10/09/2018 | VulD... | cvss3_nvd_a | H | nist.gov | 10/09/2018 | accepted | 100 |
| 8363780 | 10/09/2018 | VulD... | cvss3_nvd_i | N | nist.gov | 10/09/2018 | accepted | 100 |
| 8363779 | 10/09/2018 | VulD... | cvss3_nvd_c | N | nist.gov | 10/09/2018 | accepted | 100 |
| 8363778 | 10/09/2018 | VulD... | cvss3_nvd_s | U | nist.gov | 10/09/2018 | accepted | 100 |
