Bug 1007255 - (CVE-2016-9082) VUL-0: CVE-2016-9082: cairo: Out-of-bounds write due to invalid pointers
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/174167/
CVSSv2:SUSE:CVE-2016-9082:6.8:(AV:N/...
Reported: 2016-10-27 11:11 UTC by Johannes Segitz
Modified: 2020-06-18 19:32 UTC
Found By: Security Response Team
Comment 2 Swamp Workflow Management 2016-10-27 22:01:19 UTC
bugbot adjusting priority
Comment 4 Antonio Larrosa 2017-06-20 14:29:53 UTC
The SVG file used to reproduce the crash in the bug report doesn't work in cairo 1.8.8 since it can't parse the file correctly. Anyway, the bug is there, so I've backported the patch (or the parts that made sense in such an old version).


SLE11-SP1 sr : https://build.suse.de/request/show/134478
SLE12-SP2 sr : https://build.suse.de/request/show/134453
Factory sr : https://build.opensuse.org/request/show/505069
Comment 5 Swamp Workflow Management 2017-06-26 10:12:04 UTC
SUSE-SU-2017:1671-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1007255,1036789
CVE References: CVE-2016-9082,CVE-2017-7475
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    cairo-1.15.2-24.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    cairo-1.15.2-24.1
SUSE Linux Enterprise Server 12-SP2 (src):    cairo-1.15.2-24.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    cairo-1.15.2-24.1
Comment 6 Antonio Larrosa 2017-06-27 14:29:50 UTC
The fix was already released
Comment 7 Antonio Larrosa 2017-06-27 15:48:19 UTC
Reopening and reassigning to security-team so they can close the issue
Comment 8 Swamp Workflow Management 2017-07-06 19:10:47 UTC
openSUSE-SU-2017:1799-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1007255,1036789
CVE References: CVE-2016-9082,CVE-2017-7475
Sources used:
openSUSE Leap 42.2 (src):    cairo-1.15.2-5.3.1
Comment 9 Marcus Meissner 2018-02-12 21:05:12 UTC
released
Comment 13 Swamp Workflow Management 2018-05-28 19:09:26 UTC
SUSE-SU-2018:1453-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1007255,1036789,1049092
CVE References: CVE-2016-9082,CVE-2017-7475,CVE-2017-9814
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    cairo-1.8.8-2.3.7.1
SUSE Linux Enterprise Server 11-SP4 (src):    cairo-1.8.8-2.3.7.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    cairo-1.8.8-2.3.7.1