CVE-2020-35492 - OpenCVE

A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -> out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Cairographics	Cairo

Configuration 1 [-]

cpe:2.3:a:cairographics:cairo:*:*:*:*:*:*:*:*

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1898396	Issue Tracking Patch Third Party Advisory
https://security.gentoo.org/glsa/202305-21

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2021-03-18T18:59:41

Updated: 2021-03-18T18:59:41

Reserved: 2020-12-17T00:00:00

Link: CVE-2020-35492

JSON object: View

NVD Information

Status : Modified

Published: 2021-03-18T19:15:13.230

Modified: 2023-05-03T12:15:15.287

Link: CVE-2020-35492

JSON object: View

Redhat Information

No data.

CWE

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cairographics:cairo:*:*:*:*:*:*:*:*", "matchCriteriaId": "D1FD4423-56E7-439A-B8B0-3D586F6B71A3", "versionEndExcluding": "1.17.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -> out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo en el archivo image-compositor.c de cairo en todas las versiones anteriores a 1.17.4. Este fallo permite a un atacante que puede proporcionar un archivo de entrada dise\u00f1ado al compositor de im\u00e1genes de cairo (por ejemplo, convenciendo a un usuario de abrir un archivo en una aplicaci\u00f3n usando cairo, o si la aplicaci\u00f3n usa cairo en una entrada que no es confiable) para causar un desbordamiento de b\u00fafer de la pila. -) ESCRITURA fuera de l\u00edmites. El mayor impacto de esta vulnerabilidad es la confidencialidad, la integridad y la disponibilidad del sistema"}], "id": "CVE-2020-35492", "lastModified": "2023-05-03T12:15:15.287", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-03-18T19:15:13.230", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898396"}, {"source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/202305-21"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-121"}], "source": "secalert@redhat.com", "type": "Secondary"}]}