Issue metadata
Sign in to add a comment
|
CrOS: Vulnerability reported in x11-libs/cairo |
||||||||||||||||||||||
Issue descriptionAutomated analysis has detected that the following third party packages have had vulnerabilities publicly reported. NOTE: There may be several bugs listed below - in almost all cases, all bugs can be quickly addressed by upgrading to the latest version of the package. Package Name: x11-libs/cairo Package Version: [cpe:/a:cairographics:cairo:1.12.12] Advisory: CVE-2013-0800 Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2013-0800 CVSS severity score: 9.3/10.0 Confidence: high Description: Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation.
,
Sep 21 2017
Vomit apparently failed to figure out the affected cairo version and just decided we must be vulnerable. The commit [1] that fixes this per [2] landed on 1.9.5 [3]. [1] https://hg.mozilla.org/releases/mozilla-beta/rev/f47fc0d38ede [2] https://bugzilla.mozilla.org/show_bug.cgi?id=825721 [3] https://hg.mozilla.org/releases/mozilla-beta/file/f47fc0d38ede/gfx/cairo/cairo/src/cairo-features.h.in
,
Sep 21 2017
,
Dec 28 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by palmer@chromium.org
, Sep 20 2017Components: OS>Kernel>Graphics
Owner: mnissler@chromium.org
Status: Assigned (was: Untriaged)