Fluid Attacks Database

Description

The fill_xrgb32_lerp_opaque_spans function in cairo-image-compositor.c in cairo before 1.14.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a negative span length.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	cairo	>=0 <1.14.2-2	1.14.2-2
debian 12	cairo	>=0 <1.14.2-2	1.14.2-2
debian 13	cairo	>=0 <1.14.2-2	1.14.2-2
debian 14	cairo	>=0 <1.14.2-2	1.14.2-2
rpm rhel7	glib-networking	<0:2.42.0-1.el7	0:2.42.0-1.el7
rpm rhel7	json-glib	<0:1.0.2-1.el7	0:1.0.2-1.el7
rpm rhel7	glib2	<0:2.42.2-5.el7	0:2.42.2-5.el7
rpm rhel7	gobject-introspection	<0:1.42.0-1.el7	0:1.42.0-1.el7
rpm rhel7	dconf	<0:0.22.0-2.el7	0:0.22.0-2.el7
rpm rhel7	gtk2	<0:2.24.28-8.el7	0:2.24.28-8.el7

1-10 of 25

Aliases

1. CVE-2016-31902. NVD-2016-31903. OSV-DEBIAN-2016-31904. OSV-2016-31905. SECURITY-TRACKER-CVE-2016-3190

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.