CVE-2016-9082

Priority
Description
Integer overflow in the write_png function in cairo 1.14.6 allows remote
attackers to cause a denial of service (invalid pointer dereference) via a
large svg file.
Notes
Package
Source: cairo (LP Ubuntu Debian)
Upstream: released (1.14.6-1.1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was needed)
Ubuntu 14.04 ESM (Trusty Tahr): DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus): needed
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (1.14.6-1.1)
Ubuntu 19.04 (Disco Dingo): not-affected (1.14.6-1.1)
Ubuntu 19.10 (Eoan Ermine): not-affected (1.14.6-1.1)
Ubuntu 20.04 (Focal Fossa): not-affected (1.14.6-1.1)
Patches:
Upstream: https://cgit.freedesktop.org/cairo/commit/?id=38fbe621cf80d560cfc27b54b5417b62cda64c8a
More Information

Updated: 2019-12-05 19:34:28 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)