UBUNTU-CVE-2017-9814

cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call.

References

Affected packages

Ubuntu:Pro:16.04:LTS / cairo

Package

Name: cairo
Purl: pkg:deb/ubuntu/cairo@1.14.6-1ubuntu0.1~esm1?arch=source&distro=esm-infra/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.14.6-1ubuntu0.1~esm1

Affected versions

1.*

1.14.2-2ubuntu2

1.14.4-1

1.14.6-1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "cairo-perf-utils",
            "binary_version": "1.14.6-1ubuntu0.1~esm1"
        },
        {
            "binary_name": "cairo-perf-utils-dbgsym",
            "binary_version": "1.14.6-1ubuntu0.1~esm1"
        },
        {
            "binary_name": "libcairo-gobject2",
            "binary_version": "1.14.6-1ubuntu0.1~esm1"
        },
        {
            "binary_name": "libcairo-gobject2-dbgsym",
            "binary_version": "1.14.6-1ubuntu0.1~esm1"
        },
        {
            "binary_name": "libcairo-script-interpreter2",
            "binary_version": "1.14.6-1ubuntu0.1~esm1"
        },
        {
            "binary_name": "libcairo-script-interpreter2-dbgsym",
            "binary_version": "1.14.6-1ubuntu0.1~esm1"
        },
        {
            "binary_name": "libcairo2",
            "binary_version": "1.14.6-1ubuntu0.1~esm1"
        },
        {
            "binary_name": "libcairo2-dbg",
            "binary_version": "1.14.6-1ubuntu0.1~esm1"
        },
        {
            "binary_name": "libcairo2-dbgsym",
            "binary_version": "1.14.6-1ubuntu0.1~esm1"
        },
        {
            "binary_name": "libcairo2-dev",
            "binary_version": "1.14.6-1ubuntu0.1~esm1"
        },
        {
            "binary_name": "libcairo2-dev-dbgsym",
            "binary_version": "1.14.6-1ubuntu0.1~esm1"
        },
        {
            "binary_name": "libcairo2-doc",
            "binary_version": "1.14.6-1ubuntu0.1~esm1"
        },
        {
            "binary_name": "libcairo2-udeb",
            "binary_version": "1.14.6-1ubuntu0.1~esm1"
        },
        {
            "binary_name": "libcairo2-udeb-dbgsym",
            "binary_version": "1.14.6-1ubuntu0.1~esm1"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / cairo

Package

Name: cairo
Purl: pkg:deb/ubuntu/cairo@1.15.10-2ubuntu0.1?arch=source&distro=esm-infra/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.14.10-1ubuntu1

1.15.8-2

1.15.8-3

1.15.10-2

1.15.10-2ubuntu0.1

Ubuntu:Pro:20.04:LTS / cairo

Package

Name: cairo
Purl: pkg:deb/ubuntu/cairo@1.16.0-4ubuntu1?arch=source&distro=esm-infra/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.16.0-4

1.16.0-4ubuntu1

Ubuntu:22.04:LTS / cairo

Package

Name: cairo
Purl: pkg:deb/ubuntu/cairo@1.16.0-5ubuntu2?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.16.0-5ubuntu1

1.16.0-5ubuntu2

Ubuntu:24.04:LTS / cairo

Package

Name: cairo
Purl: pkg:deb/ubuntu/cairo@1.18.0-3build1?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.18.0-1

1.18.0-1ubuntu1

1.18.0-3

1.18.0-3build1