LAYER: meta
PACKAGE NAME: pixman
PACKAGE VERSION: 1_0.42.2
CVE: CVE-2013-6424
CVE STATUS: Patched
CVE SUMMARY: Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-6424

LAYER: meta
PACKAGE NAME: pixman
PACKAGE VERSION: 1_0.42.2
CVE: CVE-2013-6425
CVE STATUS: Patched
CVE SUMMARY: Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.
CVSS v2 BASE SCORE: 5.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-6425

LAYER: meta
PACKAGE NAME: pixman
PACKAGE VERSION: 1_0.42.2
CVE: CVE-2014-9766
CVE STATUS: Patched
CVE SUMMARY: Integer overflow in the create_bits function in pixman-bits-image.c in Pixman before 0.32.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via large height and stride values.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 9.8
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9766

LAYER: meta
PACKAGE NAME: pixman
PACKAGE VERSION: 1_0.42.2
CVE: CVE-2015-5297
CVE STATUS: Patched
CVE SUMMARY: An integer overflow issue has been reported in the general_composite_rect() function in pixman prior to version 0.32.8. An attacker could exploit this issue to cause an application using pixman to crash or, potentially, execute arbitrary code.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 6.7
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5297

LAYER: meta
PACKAGE NAME: pixman
PACKAGE VERSION: 1_0.42.2
CVE: CVE-2022-44638
CVE STATUS: Patched
CVE SUMMARY: In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 8.8
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-44638

LAYER: meta
PACKAGE NAME: pixman
PACKAGE VERSION: 1_0.42.2
CVE: CVE-2023-37769
CVE STATUS: Ignored
CVE DETAIL: not-applicable-config
CVE DESCRIPTION: stress-test is an uninstalled test
CVE SUMMARY: stress-test master commit e4c878 was discovered to contain a FPE vulnerability via the component combine_inner at /pixman-combine-float.c.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 6.5
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-37769