LiveActive security incident?Get immediate response
CVE Record

CVE-2020-35492: A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4.

A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -> out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysishigh

Security readout for executives and security teams

Plain-English summary

CVE-2020-35492 is a cairo graphics library flaw that can be triggered when crafted input is processed by an application using cairo. The reported impact includes confidentiality, integrity, and availability, so exposure depends on where cairo handles untrusted files or content.

Executive priority

Prioritize remediation where cairo processes files from users, customers, email, web uploads, or automation pipelines. Lower urgency may be reasonable for isolated systems with no untrusted input path.

Technical view

The issue is a CWE-121 stack buffer overflow in cairo's image-compositor.c affecting versions before 1.17.4. A crafted input file can cause an out-of-bounds write when processed by cairo through a dependent application or service.

Likely exposure

Systems are likely exposed if they run cairo before 1.17.4, especially desktop apps, renderers, document processors, or services that use cairo to process untrusted input files.

Exploitation context

The bundle states exploitation requires crafted input reaching cairo's image compositor, such as a user opening a file or a service processing untrusted content. KEV is false, and no cited source confirms active exploitation.

Researcher notes

Evidence is limited to the CVE description and referenced advisories. No CVSS vector, public exploit confirmation, or KEV listing is provided in the bundle. Treat affected-version and fixed-version interpretation carefully for distributions that backport patches.

Mitigation direction

  • Upgrade cairo to 1.17.4 or a vendor-supported fixed package.
  • Check operating system advisories for backported cairo security fixes.
  • Reduce cairo processing of untrusted files until fixed.
  • Apply sandboxing or isolation around file-rendering workflows where practical.

Validation and detection

  • Inventory installed cairo versions across servers, workstations, containers, and build images.
  • Flag cairo versions earlier than 1.17.4 unless vendor backport documentation confirms a fix.
  • Identify applications and services that process untrusted content through cairo.
  • Review Red Hat, Gentoo, and OS vendor advisories for package-specific status.
Prepared
Confidence
medium
Sources
4

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cwe · low confidence lookup

CWE-121: Exact CWE lookup

Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.

Open ATT&CK lookup
cve · low confidence lookup

CVE-2020-35492 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
0Timeline events
0ADP providers
3Source links

CVSS and timeline data

No CVSS vectors or timeline events were available in the normalized CVE source material.

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
n/acairoAll cairo versionsListed
Weakness

CWE details

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.

CWE-121 · source CWE mapping

Stack-based Buffer Overflow

Stack-based Buffer Overflow represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.