A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -> out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability.
{
"sources": [
{
"html_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35492",
"modified": "2026-06-17T03:13:48.247Z",
"published": "2021-03-18T19:15:13.230Z",
"url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2020-35492",
"imported": "2026-07-17T20:40:38.573Z",
"id": "CVE-2020-35492",
"database_specific": {
"status": "Modified"
}
}
],
"license": "CC-BY-4.0"
}