Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-191
Products Affected
| Vendor | Product | Version |
|---|---|---|
| pixman | pixman | * |
| debian | debian_linux | 7.0 |
| opensuse | opensuse | 12.2 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 14.10 |
| opensuse | opensuse | 12.3 |
| canonical | ubuntu_linux | 12.04 |
| opensuse | opensuse | 13.1 |
| debian | debian_linux | 6.0 |

Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-191
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 7.0 |
| opensuse | opensuse | 12.3 |
| redhat | enterprise_linux_server_aus | 6.5 |
| canonical | ubuntu_linux | 13.10 |
| canonical | ubuntu_linux | 12.04 |
| redhat | enterprise_linux_workstation | 5.0 |
| opensuse | opensuse | 13.1 |
| redhat | enterprise_linux_eus | 6.5 |
| redhat | enterprise_linux_server | 5.0 |
| canonical | ubuntu_linux | 13.04 |
| canonical | ubuntu_linux | 12.10 |
| redhat | enterprise_linux_desktop | 6.0 |
| pixman | pixman | * |
| opensuse | opensuse | 12.2 |
| redhat | enterprise_linux_workstation | 6.0 |
| redhat | enterprise_linux_server_tus | 6.5 |
| opensuse | opensuse | 11.4 |
| debian | debian_linux | 6.0 |
| redhat | enterprise_linux_desktop | 5.0 |
| redhat | enterprise_linux_server | 6.0 |

Integer overflow in the create_bits function in pixman-bits-image.c in Pixman before 0.32.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via large height and stride values.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-189
Products Affected
| Vendor | Product | Version |
|---|---|---|
| pixman | pixman | * |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 12.04 |

An integer overflow issue has been reported in the general_composite_rect() function in pixman prior to version 0.32.8. An attacker could exploit this issue to cause an application using pixman to crash or, potentially, execute arbitrary code.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-190
Products Affected
| Vendor | Product | Version |
|---|---|---|
| pixman | pixman | * |

In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 11.0 |
| debian | debian_linux | 10.0 |
| pixman | pixman | * |
| fedoraproject | fedora | 36 |
| fedoraproject | fedora | 35 |
| fedoraproject | fedora | 37 |

stress-test master commit e4c878 was discovered to contain an FPE vulnerability via the component combine_inner at /pixman-combine-float.c.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| pixman | pixman | - |