LAYER: meta PACKAGE NAME: pixman PACKAGE VERSION: 1_0.42.2 CVE: CVE-2013-6424 CVE STATUS: Patched CVE SUMMARY: Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-6424 LAYER: meta PACKAGE NAME: pixman PACKAGE VERSION: 1_0.42.2 CVE: CVE-2013-6425 CVE STATUS: Patched CVE SUMMARY: Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value. CVSS v2 BASE SCORE: 5.0 CVSS v3 BASE SCORE: 0.0 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:N/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2013-6425 LAYER: meta PACKAGE NAME: pixman PACKAGE VERSION: 1_0.42.2 CVE: CVE-2014-9766 CVE STATUS: Patched CVE SUMMARY: Integer overflow in the create_bits function in pixman-bits-image.c in Pixman before 0.32.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via large height and stride values. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 9.8 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9766 LAYER: meta PACKAGE NAME: pixman PACKAGE VERSION: 1_0.42.2 CVE: CVE-2015-5297 CVE STATUS: Patched CVE SUMMARY: An integer overflow issue has been reported in the general_composite_rect() function in pixman prior to version 0.32.8. An attacker could exploit this issue to cause an application using pixman to crash or, potentially, execute arbitrary code. CVSS v2 BASE SCORE: 7.5 CVSS v3 BASE SCORE: 6.7 VECTOR: NETWORK VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2015-5297 LAYER: meta PACKAGE NAME: pixman PACKAGE VERSION: 1_0.42.2 CVE: CVE-2022-44638 CVE STATUS: Patched CVE SUMMARY: In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 8.8 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-44638 LAYER: meta PACKAGE NAME: pixman PACKAGE VERSION: 1_0.42.2 CVE: CVE-2023-37769 CVE STATUS: Ignored CVE DETAIL: not-applicable-config CVE DESCRIPTION: stress-test is an uninstalled test CVE SUMMARY: stress-test master commit e4c878 was discovered to contain a FPE vulnerability via the component combine_inner at /pixman-combine-float.c. CVSS v2 BASE SCORE: 0.0 CVSS v3 BASE SCORE: 6.5 VECTOR: NETWORK VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2023-37769