CVE-2016-9082

Priority
Description
Integer overflow in the write_png function in cairo 1.14.6 allows remote
attackers to cause a denial of service (invalid pointer dereference) via a
large svg file.
Notes
Package
Source: cairo (LP Ubuntu Debian)
Upstream:released (1.14.6-1.1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needed)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (1.14.6-1.1)
Ubuntu 19.10 (Eoan Ermine):not-affected (1.14.6-1.1)
Ubuntu 20.04 (Focal Fossa):not-affected (1.14.6-1.1)
Patches:
Upstream:https://cgit.freedesktop.org/cairo/commit/?id=38fbe621cf80d560cfc27b54b5417b62cda64c8a
More Information

Updated: 2020-04-24 03:34:06 UTC (commit d3f8a6ed481830fb100109a132bef581fc4176fe)