Fluid Attacks Database

Description

cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	cairo	>=0 <1.16.0-1	1.16.0-1
debian 14	cairo	>=0 <1.16.0-1	1.16.0-1
debian 13	cairo	>=0 <1.16.0-1	1.16.0-1
debian 11	cairo	>=0 <1.16.0-1	1.16.0-1
rpm rhel7	cairo	-	-
rpm rhel6	cairo	-	-
rpm rhel5	cairo	-	-

Aliases

1. CVE-2017-98142. NVD-2017-98143. OSV-DEBIAN-2017-98144. OSV-2017-98145. SECURITY-TRACKER-CVE-2017-9814

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.