CVE-2018-18064

MEDIUM

cairo <= 1.15.14 - Out-of-bounds Write in Rectangular Scan Converter

Title source: llm
STIX 2.1

Description

cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c (the generate and render_rows functions) and cairo-image-compositor.c (the _cairo_image_spans_and_zero function).

References (2)

Core 2

Scores

CVSS v3 6.5
EPSS 0.0148
EPSS Percentile 70.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE
CWE-787
Status published
Products (1)
cairographics/cairo < 1.15.14
Published Oct 08, 2018
Tracked Since Feb 18, 2026