CVE-2020-35492: Stack-based Buffer Overflow

March 18, 2021 (updated March 25, 2021)

A flaw was found in cairo’s image-compositor.c in all This flaw allows an attacker who can provide a crafted input file to cairo’s image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow.

References

bugzilla.redhat.com/show_bug.cgi?id=1898396
nvd.nist.gov/vuln/detail/CVE-2020-35492

Code Behaviors & Features

Detect and mitigate CVE-2020-35492 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →