CVE-2017-9814

Опубликовано: 17 июл. 2017

Источник: debian

EPSS Низкий

Описание

cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
cairo	fixed	1.16.0-1		package
cairo	no-dsa		stretch	package
cairo	no-dsa		jessie	package
cairo	no-dsa		wheezy	package

Примечания

https://bugs.freedesktop.org/show_bug.cgi?id=101547
https://gitlab.freedesktop.org/cairo/cairo/issues/264
https://gitlab.freedesktop.org/cairo/cairo/-/commit/199823938780c8e50099b627d3e9137acba7a263 (1.15.14)

EPSS

Процентиль: 57%

0.00358

Низкий

Связанные уязвимости

CVE-2017-9814

CVSS3: 7.5

ubuntu

больше 8 лет назад

cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call.

CVE-2017-9814

CVSS3: 3.3

redhat

больше 8 лет назад

cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call.

CVE-2017-9814

CVSS3: 7.5

nvd

больше 8 лет назад

cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call.

openSUSE-SU-2020:1003-1

suse-cvrf

больше 5 лет назад

Security update for cairo

openSUSE-SU-2018:1895-1

suse-cvrf

больше 7 лет назад

Security update for cairo

EPSS

Процентиль: 57%

0.00358

Низкий