Cairo

This hub aggregates every CVE we track for Cairo, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 13 most recently published vulnerabilities affecting Cairo.

• CVE-2025-50422Cairo through 1.18.4, as used in Poppler through 25.08.0, has an "unscaled->face == NULL" assertion failure for _cairo_ft_unscaled_font_fini in cairo-ft-font.c.2.9Aug 4, 2025
• BDU:2022-06695Уязвимость функции find_name() графической библиотеки Cairo, позволяющая нарушителю вызвать отказ в обслуживании5.9Nov 10, 2022
• CVE-2020-35492A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convin...7.8Mar 18, 2021
• CVE-2019-6461An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c.6.5Jan 16, 2019
• CVE-2019-6462An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized.6.5Jan 16, 2019
• CVE-2018-19876cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c, would free memory using a free function incompatible with WebKit's fastMalloc, leading to an application crash with a "free(): inval...6.5Dec 5, 2018
• CVE-2018-18064cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c (the genera...6.5Oct 8, 2018
• CVE-2017-9814cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call.7.5Jul 14, 2017
• CVE-2017-7475Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.5.5May 19, 2017
• CVE-2016-9082Integer overflow in the write_png function in cairo 1.14.6 allows remote attackers to cause a denial of service (invalid pointer dereference) via a large svg file.5.5Feb 3, 2017
• CVE-2016-3190The fill_xrgb32_lerp_opaque_spans function in cairo-image-compositor.c in cairo before 1.14.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a n...7.5Apr 21, 2016
• CVE-2014-5116The cairo_image_surface_get_data function in Cairo 1.10.2, as used in GTK+ and Wireshark, allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a large string.5.0Jul 29, 2014
• CVE-2007-5503Multiple integer overflows in Cairo before 1.4.12 might allow remote attackers to execute arbitrary code, as demonstrated using a crafted PNG image with large width and height values, which is not ...6.8Nov 30, 2007