CVE-2020-35492 - Vulnerability Details - OpenCVE

A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -> out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cairographics	Cairo
Redhat	Enterprise Linux

Configuration 1 [-]

cpe:2.3:a:cairographics:cairo:*:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
cairo-0:1.15.12-6.el8	cpe:/a:redhat:enterprise_linux:8	RHSA-2022:1961	2022-05-10T00:00:00Z

References

Link	Providers
https://bugzilla.redhat.com/show_bug.cgi?id=1898396
https://nvd.nist.gov/vuln/detail/CVE-2020-35492
https://security.gentoo.org/glsa/202305-21
https://www.cve.org/CVERecord?id=CVE-2020-35492

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2021-03-18T18:59:41.000Z

Updated: 2025-02-13T16:27:43.741Z

Reserved: 2020-12-17T00:00:00.000Z

Link: CVE-2020-35492

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-03-18T19:15:13.230

Modified: 2024-11-21T05:27:24.803

Link: CVE-2020-35492

Redhat

Severity : Moderate

Publid Date: 2020-12-28T00:00:00Z

Links: CVE-2020-35492 - Bugzilla

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cairographics:cairo:*:*:*:*:*:*:*:*", "matchCriteriaId": "D1FD4423-56E7-439A-B8B0-3D586F6B71A3", "versionEndExcluding": "1.17.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -> out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo en el archivo image-compositor.c de cairo en todas las versiones anteriores a 1.17.4. Este fallo permite a un atacante que puede proporcionar un archivo de entrada dise\u00f1ado al compositor de im\u00e1genes de cairo (por ejemplo, convenciendo a un usuario de abrir un archivo en una aplicaci\u00f3n usando cairo, o si la aplicaci\u00f3n usa cairo en una entrada que no es confiable) para causar un desbordamiento de b\u00fafer de la pila. -) ESCRITURA fuera de l\u00edmites. El mayor impacto de esta vulnerabilidad es la confidencialidad, la integridad y la disponibilidad del sistema"}], "id": "CVE-2020-35492", "lastModified": "2024-11-21T05:27:24.803", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-03-18T19:15:13.230", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898396"}, {"source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/202305-21"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898396"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/202305-21"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Stephan Bergmann (Red Hat).", "affected_release": [{"advisory": "RHSA-2022:1961", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "cairo-0:1.15.12-6.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-05-10T00:00:00Z"}], "bugzilla": {"description": "cairo: libreoffice slideshow aborts with stack smashing in cairo's composite_boxes", "id": "1898396", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898396"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-121->CWE-787", "details": ["A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -> out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability.", "A flaw was found in cairo's image-compositor.c. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -> out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2020-35492", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "cairo", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "cairo", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "libreoffice", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "cairo", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "libreoffice", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "libreoffice", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "cairo", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2020-12-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-35492\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-35492"], "statement": "Libreoffice as shipped in Red Hat Enterprise Linux 6, 7, and 8 is not affected by this flaw as it was introduced in a newer version. Also note that while the flaw was originally discovered via Libreoffice, the root cause is in the cairo graphics library. This flaw has an adjusted CVSS score for cairo as shipped with Red Hat Enterprise Linux 8 because cairo is built with binary protections which limit the impact.", "threat_severity": "Moderate"}