A buffer overflow vulnerability has been discovered in Cairo which could result in denial of service.
|Package||x11-libs/cairo on all architectures|
|Affected versions||< 1.17.6|
|Unaffected versions||>= 1.17.6|
Cairo is a 2D vector graphics library with cross-device output support.
An attacker with the ability to provide input to Cairo's image-compositor can cause a buffer overwrite.
Malicious input to Cairo's image-compositor can result in denial of service of the application using such Cairo functionality.
There is no known workaround at this time.
All Cairo users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=x11-libs/cairo-1.17.6"
May 03, 2023
May 03, 2023: 1