Bugzilla – Bug 889495
VUL-1: CVE-2014-5116: cairo: NULL pointer dereference in cairo_image_surface_get_data()
Last modified: 2020-04-01 22:11:32 UTC
CVE-2014-5116 The cairo_image_surface_get_data function in Cairo 1.10.2, as used in GTK+ and Wireshark, allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a large string.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1124500
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5116
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9761
http://www.osvdb.org/107083
http://www.exploit-db.com/exploits/33384
Initial collection of versions used inside openSUSE releases (not conclusive yet which versions are affected).

openSUSE:Factory => 1.12.16
openSUSE:13.1 => 1.12.16
openSUSE:12.3 => 1.12.8
openSUSE:12.2 => 1.12.2
openSUSE:12.1 => 1.10.2

Hence, if the original statement of '1.10.2' being affected holds, that would translate to openSUSE:12.1 (EOL). But, as said: it's not yet known if the vulnerability exists in 1.12.x.
bugbot adjusting priority
As it's an abort only, and usually the user program should take care, I would close this issue as "not for cairo to fix".
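The closing comment puts the burden on the calling program: check the surface's status before using the pixel pointer. As an added example (not cairo's code and not from this bug), here is a self-contained C model of cairo's error-object convention, where a failed creation returns a non-NULL surface carrying an error status and a NULL data pointer, together with a caller-side accessor that refuses to hand out an unusable pointer. The `img_*` names, status values and the 32767 dimension limit are assumptions made for the model, not cairo's API.

```c
#include <stdlib.h>

/* Status codes for the model; hypothetical names, not cairo's identifiers. */
typedef enum { IMG_STATUS_SUCCESS = 0, IMG_STATUS_INVALID_SIZE, IMG_STATUS_NO_MEMORY } img_status_t;

typedef struct {
    img_status_t status;
    int width, height, stride;
    unsigned char *data;                 /* NULL whenever status != SUCCESS */
} img_surface_t;

#define IMG_MAX_DIM 32767                /* assumed dimension limit for the model */

/* Shared error object handed back when not even the struct can be allocated,
 * so that creation never returns a NULL pointer. */
static img_surface_t img_nil_no_memory = { IMG_STATUS_NO_MEMORY, 0, 0, 0, NULL };

/* Error-object convention: on failure the caller still gets a surface, but its
 * status is set and its data pointer is NULL. */
img_surface_t *img_surface_create(int width, int height) {
    img_surface_t *s = calloc(1, sizeof *s);
    if (!s) return &img_nil_no_memory;
    if (width <= 0 || height <= 0 || width > IMG_MAX_DIM || height > IMG_MAX_DIM) {
        s->status = IMG_STATUS_INVALID_SIZE;
        return s;
    }
    size_t stride = (size_t)width * 4;   /* 4 bytes per pixel, sized in size_t */
    size_t bytes = stride * (size_t)height;
    s->data = calloc(bytes, 1);
    if (!s->data) { s->status = IMG_STATUS_NO_MEMORY; return s; }
    s->width = width; s->height = height; s->stride = (int)stride;
    return s;
}

void img_surface_destroy(img_surface_t *s) {
    if (s && s != &img_nil_no_memory) { free(s->data); free(s); }
}

/* Defensive accessor: check status first; never return a pointer that cannot
 * be dereferenced. A NULL return plus *status_out tells the caller why. */
unsigned char *img_surface_get_data_checked(img_surface_t *s, img_status_t *status_out) {
    img_status_t st = s ? s->status : IMG_STATUS_NO_MEMORY;
    if (status_out) *status_out = st;
    return (st == IMG_STATUS_SUCCESS && s->data) ? s->data : NULL;
}
```

A caller that branches on the returned status, rather than on the data pointer alone, turns the crash described in the CVE into a handled error.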