Ubuntu update for cairo
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2016-9082 CVE-2017-9814 CVE-2019-6462 CVE-2020-35492 |
| CWE-ID | CWE-190 CWE-125 CWE-835 CWE-121 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #3 is available. |
| Vulnerable software |
Ubuntu Operating systems & Components / Operating system libcairo2 (Ubuntu package) Operating systems & Components / Operating system package or component cairo-perf-utils (Ubuntu package) Operating systems & Components / Operating system package or component |
| Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Integer overflow
EUVDB-ID: #VU13197
Risk: Low
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-9082
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to integer overflow in the write_png function. A remote attacker can send a specially crafted large svg file, trigger invalid pointer dereference and cause the service to crash.
MitigationUpdate the affected package cairo to the latest version.
Vulnerable software versionsUbuntu: 16.04
libcairo2 (Ubuntu package): before 1.14.61u buntu0.1~esm1
cairo-perf-utils (Ubuntu package): before 1.14.61u buntu0.1~esm1
CPE2.3- cpe:2.3:o:canonical:ubuntu:16.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:libcairo2_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:cairo-perf-utils_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-5407-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Out-of-bounds read
EUVDB-ID: #VU12616
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-9814
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists in cairo-truetype-subset.c due to out-of-bounds read because of mishandling of an unexpected malloc(0) call. A remote attacker can cause the service to crash.
Update the affected package cairo to the latest version.
Vulnerable software versionsUbuntu: 16.04
libcairo2 (Ubuntu package): before 1.14.61u buntu0.1~esm1
cairo-perf-utils (Ubuntu package): before 1.14.61u buntu0.1~esm1
CPE2.3- cpe:2.3:o:canonical:ubuntu:16.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:libcairo2_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:cairo-perf-utils_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-5407-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Infinite loop
EUVDB-ID: #VU17099
Risk: Low
CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2019-6462
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized. A remote attacker can consume all available system resources and cause denial of service conditions.
MitigationUpdate the affected package cairo to the latest version.
Vulnerable software versionsUbuntu: 16.04
libcairo2 (Ubuntu package): before 1.14.61u buntu0.1~esm1
cairo-perf-utils (Ubuntu package): before 1.14.61u buntu0.1~esm1
CPE2.3- cpe:2.3:o:canonical:ubuntu:16.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:libcairo2_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:cairo-perf-utils_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-5407-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
4) Stack-based buffer overflow
EUVDB-ID: #VU52196
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2020-35492
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -> out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability.
MitigationUpdate the affected package cairo to the latest version.
Vulnerable software versionsUbuntu: 16.04
libcairo2 (Ubuntu package): before 1.14.61u buntu0.1~esm1
cairo-perf-utils (Ubuntu package): before 1.14.61u buntu0.1~esm1
CPE2.3- cpe:2.3:o:canonical:ubuntu:16.04:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:libcairo2_ubuntu_package:*:*:*:*:*:ubuntu:*:*
- cpe:2.3:a:canonical:cairo-perf-utils_ubuntu_package:*:*:*:*:*:ubuntu:*:*
https://ubuntu.com/security/notices/USN-5407-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
