{"schema_version":"1.7.2","id":"OESA-2021-1155","modified":"2021-05-06T11:02:50Z","published":"2021-05-06T11:02:50Z","upstream":["CVE-2020-35492"],"summary":"cairo security update","details":"\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -> out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-35492)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP1","name":"cairo","purl":"pkg:rpm/openEuler/cairo\u0026distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.16.0-3.oe1"}]}],"ecosystem_specific":{"aarch64":["cairo-debuginfo-1.16.0-3.oe1.aarch64.rpm","cairo-debugsource-1.16.0-3.oe1.aarch64.rpm","cairo-1.16.0-3.oe1.aarch64.rpm","cairo-devel-1.16.0-3.oe1.aarch64.rpm"],"src":["cairo-1.16.0-3.oe1.src.rpm"],"x86_64":["cairo-debuginfo-1.16.0-3.oe1.x86_64.rpm","cairo-debugsource-1.16.0-3.oe1.x86_64.rpm","cairo-devel-1.16.0-3.oe1.x86_64.rpm","cairo-1.16.0-3.oe1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1155"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-35492"}],"database_specific":{"severity":"High"}}