Bug 1898396 (CVE-2020-35492)
Summary: | CVE-2020-35492 cairo: libreoffice slideshow aborts with stack smashing in cairo's composite_boxes | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Todd Cullum <tcullum> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | ajax, caillon+fedoraproject, caolanm, dtardon, erack, gnome-sig, mcatanza, mclasen, mkasik, otte, rhughes, rstrode, sbergman, security-response-team, yozone |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: |
A flaw was found in cairo's image-compositor.c. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -> out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability.
|
Last Closed: | 2022-05-11 20:46:04 UTC | Type: | --- |
Bug Depends On: | 1908113, 1911335, 1911336, 1911486 | ||
Bug Blocks: | 1898175, 1940003 |
Description
Todd Cullum
2020-11-16 23:22:17 UTC
Upstream commit (includes test): https://gitlab.freedesktop.org/cairo/cairo/-/merge_requests/85/diffs?commit_id=03a820b173ed1fdef6ff14b4468f5dbc02ff59be

Acknowledgments:
Name: Stephan Bergmann (Red Hat)

Created cairo tracking bugs for this issue:
Affects: fedora-all [bug 1911335]

Created libreoffice tracking bugs for this issue:
Affects: fedora-all [bug 1911336]

Statement:
Libreoffice as shipped in Red Hat Enterprise Linux 6, 7, and 8 is not affected by this flaw as it was introduced in a newer version. Also note that while the flaw was originally discovered via Libreoffice, the root cause is in the cairo graphics library. This flaw has an adjusted CVSS score for cairo as shipped with Red Hat Enterprise Linux 8 because cairo is built with binary protections which limit the impact.

Mitigation:
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Upstream issue: https://gitlab.freedesktop.org/cairo/cairo/-/issues/437

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2022:1961 https://access.redhat.com/errata/RHSA-2022:1961

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-35492