Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
rosalinuxROSA LABROSA-SA-2024-2447
HistoryJul 09, 2024 - 12:38 p.m.

Advisory ROSA-SA-2024-2447

2024-07-0912:38:26
ROSA LAB
abf.rosalinux.ru
5
cairo 1.16.0
rosa-chrome
assertion problem
infinite loop
memory free
vulnerability patch

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

6.8

Confidence

Low

JSON

software: cairo 1.16.0
WASP: ROSA-CHROME

package_evr_string: cairo-1.16.0-5

CVE-ID: CVE-2019-6461
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: There is an assertion problem in the _cairo_arc_in_direction function in the cairo-arc.c file.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update cairo

CVE-ID: CVE-2019-6462
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: There is an infinite loop in the _arc_error_normalized function in cairo-arc.c associated with _arc_max_angle_for_tolerance_normalized.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update cairo

CVE-ID: CVE-2018-19876
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: cairo 1.16.0 in cairo_ft_apply_variations() in cairo-ft_apply_variations() in cairo-ft-font.c freed memory using a free function incompatible with WebKit’s fastMalloc, causing the application to crash with the error “free(): invalid pointer”.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update cairo

OSVersionArchitecturePackageVersionFilename
ROSAanynoarchcairo< 1.16.0UNKNOWN

Related

nessus 24
photon 6
openvas 13
gentoo 1
cvelist 3
alpinelinux 3
prion 3
archlinux 1
redhatcve 3
fedora 1
ubuntucve 3
osv 4
debiancve 3
cve 3
cbl_mariner 3
nvd 3
veracode 2
mageia 1
altlinux 1
ubuntu 1
ibm 1
kitploit 1
nessus
nessus
RHEL 8 : cairo (Unpatched Vulnerability)
2024-06-03 00:00:00
Photon OS 2.0: Cairo PHSA-2019-2.0-0145
2024-07-23 00:00:00
Photon OS 1.0: Cairo PHSA-2019-1.0-0220
2019-05-15 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-2.0-0145
2019-03-28 00:00:00
Moderate Photon OS Security Update - PHSA-2019-0145
2019-03-28 00:00:00
Important Photon OS Security Update - PHSA-2019-0008
2019-03-29 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for cairo (EulerOS-SA-2020-2057)
2020-09-29 00:00:00
Huawei EulerOS: Security Advisory for cairo (EulerOS-SA-2020-2540)
2020-12-15 00:00:00
Huawei EulerOS: Security Advisory for cairo (EulerOS-SA-2021-1461)
2021-03-05 00:00:00
gentoo
gentoo
Cairo: Multiple Vulnerabilities
2024-08-07 00:00:00
cvelist
cvelist
CVE-2018-19876
2022-10-03 16:21:55
CVE-2019-6461
2019-01-16 18:00:00
CVE-2019-6462
2019-01-16 18:00:00
alpinelinux
alpinelinux
CVE-2018-19876
2022-10-03 16:21:55
CVE-2019-6461
2019-01-16 18:29:00
CVE-2019-6462
2019-01-16 18:29:00
prion
prion
Memory corruption
2018-12-05 20:29:00
Design/Logic Flaw
2019-01-16 18:29:00
Design/Logic Flaw
2019-01-16 18:29:00
archlinux
archlinux
[ASA-201902-19] cairo: arbitrary code execution
2019-02-17 00:00:00
redhatcve
redhatcve
CVE-2018-19876
2018-12-21 10:19:23
CVE-2019-6461
2020-04-06 16:57:21
CVE-2019-6462
2020-03-31 08:23:45
fedora
fedora
[SECURITY] Fedora 29 Update: cairo-1.16.0-3.fc29
2018-12-10 02:32:06
ubuntucve
ubuntucve
CVE-2018-19876
2018-12-05 00:00:00
CVE-2019-6461
2019-01-16 00:00:00
CVE-2019-6462
2019-01-16 00:00:00
osv
osv
CVE-2018-19876
2018-12-05 20:29:00
CVE-2019-6461
2019-01-16 18:29:00
CVE-2019-6462
2019-01-16 18:29:00
debiancve
debiancve
CVE-2018-19876
2022-10-03 16:21:55
CVE-2019-6461
2019-01-16 18:29:00
CVE-2019-6462
2019-01-16 18:29:00
cve
cve
CVE-2018-19876
2022-10-03 16:21:55
CVE-2019-6461
2019-01-16 18:29:00
CVE-2019-6462
2019-01-16 18:29:00
cbl_mariner
cbl_mariner
CVE-2018-19876 affecting package cairo 1.16.0-5
2020-11-30 19:31:01
CVE-2019-6461 affecting package cairo 1.16.0-5
2021-05-06 23:57:13
CVE-2019-6462 affecting package cairo 1.16.0-5
2021-05-06 23:57:13
nvd
nvd
CVE-2018-19876
2018-12-05 20:29:00
CVE-2019-6461
2019-01-16 18:29:00
CVE-2019-6462
2019-01-16 18:29:00
veracode
veracode
Denial Of Service (DoS)
2019-01-17 05:10:04
Denial Of Service (DoS)
2019-01-17 04:55:57
mageia
mageia
Updated cairo packages fix security vulnerability
2021-10-29 22:32:22
altlinux
altlinux
Security fix for the ALT Linux 10 package libcairo version 1:1.16.0-alt2
2023-01-06 00:00:00
ubuntu
ubuntu
Cairo vulnerabilities
2022-05-10 00:00:00
ibm
ibm
Security Bulletin: IBM Cloud Pak for Security is vulnerable to using components with known vulnerabilities
2022-11-01 18:28:47
kitploit
kitploit
Master_Librarian - A Simple Tool To Audit Unix/*BSD/Linux System Libraries To Find Public Security Vulnerabilities
2022-03-09 20:30:00

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

6.8

Confidence

Low

JSON
Related for ROSA-SA-2024-2447
nessus24photon6openvas13gentoo1cvelist3alpinelinux3prion3archlinux1redhatcve3fedora1ubuntucve3osv4debiancve3cve3cbl_mariner3nvd3veracode2mageia1altlinux1ubuntu1ibm1kitploit1