CVE-2020-35492

7.8 HIGH (CVSS 3.1: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

📋 TL;DR

CVE-2020-35492 is a stack buffer overflow in cairo's image compositor (image-compositor.c) that results in an out-of-bounds write. An attacker who can get a crafted input file rendered through cairo, either by convincing a user to open it in a cairo-based application or by feeding it to a service that runs cairo on untrusted input, can crash the process and potentially execute arbitrary code with that process's privileges. Every cairo release before 1.17.4 is affected, so anyone running applications that render or composite images through cairo is in scope.

💻 Affected Systems

Products:
  • cairo graphics library
  • Applications using cairo for image processing
Versions: All versions prior to 1.17.4
Operating Systems: Linux, Unix-like systems, Any OS with cairo library
Default Config Vulnerable: ⚠️ Yes
Notes: Applications must use cairo's image-compositor functionality on untrusted input to be vulnerable.

📦 What is this software?

cairo is a 2D vector graphics library with several output backends (in-memory image surfaces, PDF, PostScript, SVG, Xlib/Win32/Quartz). It is the rendering layer beneath GTK and Pango and therefore much of the GNOME desktop, and libraries such as librsvg (SVG) and poppler (PDF) use it to rasterise documents. The image compositor is cairo's software rasterisation path for drawing into image surfaces, the backend used whenever content is rendered to a pixel buffer rather than to a window or a vector file.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Arbitrary code execution with the privileges of the application that rendered the file, followed by data exfiltration and persistent backdoor installation; full system compromise if the vulnerable process already runs with elevated rights (for example a server-side thumbnailer or conversion service) or the attacker chains a privilege escalation.

🟠

Likely Case

Application crash leading to denial of service, with potential for limited code execution in the context of the vulnerable application.

🟢

If Mitigated

Application crash without code execution, for example when the stack protector aborts the process on canary corruption, or a crash contained within a sandbox that has no network access and no view of user data.

🌐 Internet-Facing: MEDIUM - The attack vector is local (a file has to be rendered), so the realistic remote path is a server-side pipeline that renders untrusted uploads through cairo (thumbnailing, SVG/PDF to PNG conversion via librsvg or poppler); desktop exposure requires a user to open a malicious file.
🏢 Internal Only: MEDIUM - Internal users could be tricked into opening malicious files, but requires social engineering or compromised internal systems.

🎯 Exploit Status

Public PoC: ❌ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ❌ No
Complexity: MEDIUM

Exploitation requires the attacker to provide a crafted input file to a vulnerable application, typically requiring user interaction or application processing of untrusted content.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.17.4 and later

Vendor Advisory: https://bugzilla.redhat.com/show_bug.cgi?id=1898396

Restart Required: Yes

Instructions:

1. Update cairo to version 1.17.4 or later, or to a distribution package that carries the backported fix, using your system package manager:
  • Debian/Ubuntu: sudo apt update && sudo apt upgrade libcairo2
  • RHEL/CentOS: sudo yum update cairo
2. Restart every application that has libcairo loaded; a running process keeps the old library mapped until it is restarted (logging out and back in, or a reboot, is the simplest way to catch desktop sessions).
3. Update copies of cairo that the system package manager does not own: Flatpak and Snap runtimes, container images, and applications that bundle or statically link their own cairo (common for Windows and macOS builds of GTK applications).

🔧 Temporary Workarounds

Input validation and sanitization (all platforms)

Restrict what reaches cairo in the first place: accept only the image and document formats the application needs, enforce size and dimension limits, and reject everything else before rendering. Treat this as defence in depth only; a file that triggers a rasteriser bug can be structurally valid, so validation alone will not reliably stop a crafted input.

Application sandboxing (Linux)

Run applications that render untrusted content in a sandbox with no network access and limited filesystem visibility, so that a successful exploit is confined to the sandbox and cannot reach user data or exfiltrate it:

firejail --net=none --private application_name

🧯 If You Can't Patch

  • Implement strict file upload restrictions and validation for applications processing images
  • Use application allowlisting to prevent execution of untrusted applications that might process malicious files
  • Move server-side rendering of untrusted images and documents (thumbnailers, SVG/PDF to PNG conversion) into an isolated, unprivileged worker process or container, and treat crashes of that worker as security events

🔍 How to Verify

Check if Vulnerable:

Look up the installed cairo version with 'pkg-config --modversion cairo', or 'dpkg -l libcairo2' on Debian/Ubuntu, or 'rpm -q cairo' on RHEL/CentOS. Any upstream version below 1.17.4 is affected unless the distribution backported the fix; Debian, Ubuntu and RHEL-family distributions do this without changing the upstream version number, so on an older version string also check the package changelog for the CVE id ('rpm -q --changelog cairo | grep CVE-2020-35492' or 'apt-get changelog libcairo2 | grep CVE-2020-35492').

Check Version:

pkg-config --modversion cairo

Verify Fix Applied:

Using the same commands, confirm the version is 1.17.4 or later, or that the package changelog references CVE-2020-35492, and that the affected applications have been restarted since the update so the new library is actually loaded.
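The checks above consolidated into one script. This is an added example for this page, not a cairo or vendor tool: it compares the installed version numerically against 1.17.4 and, on an older version string, looks in the package changelog for the CVE id, since distributions ship backported fixes under pre-1.17.4 version numbers. The script name cairo-check.sh and the 'check' argument are this example's own convention.

```shell
#!/bin/sh
# cairo-check.sh (added example): is the installed cairo older than 1.17.4,
# and if so, did the distribution backport the CVE-2020-35492 fix into that
# older version string? Not part of cairo or of any vendor tooling.

FIXED_VERSION=1.17.4

# Numeric dotted-version comparison: 1.17.4 > 1.9.0, which a plain string
# compare gets wrong. Epoch ("1:"), package release ("-4+deb10u1", "-6.el8")
# and "+dfsg"-style suffixes are stripped so that the upstream version is
# what gets compared. Prints 0 if $1 == $2, 1 if $1 > $2, 2 if $1 < $2.
version_cmp() {
    a=${1#*:}; a=${a%%-*}; a=${a%%+*}
    b=${2#*:}; b=${b%%-*}; b=${b%%+*}
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai=${a%%.*}; bi=${b%%.*}
        if [ "$a" = "$ai" ]; then a=; else a=${a#*.}; fi
        if [ "$b" = "$bi" ]; then b=; else b=${b#*.}; fi
        ai=${ai%%[!0-9]*}; bi=${bi%%[!0-9]*}   # drop "rc1"-style tails
        ai=${ai:-0}; bi=${bi:-0}
        if [ "$ai" -gt "$bi" ]; then echo 1; return 0; fi
        if [ "$ai" -lt "$bi" ]; then echo 2; return 0; fi
    done
    echo 0
}

# True (exit 0) when the upstream version in $1 is below the fixed release.
cairo_is_vulnerable() {
    [ "$(version_cmp "$1" "$FIXED_VERSION")" = 2 ]
}

# Best-effort lookup of the installed version via the tools the page lists.
installed_cairo_version() {
    if command -v pkg-config >/dev/null 2>&1 && pkg-config --exists cairo 2>/dev/null; then
        pkg-config --modversion cairo
    elif command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f='${Version}\n' libcairo2 2>/dev/null
    elif command -v rpm >/dev/null 2>&1; then
        rpm -q --qf '%{VERSION}-%{RELEASE}\n' cairo 2>/dev/null
    fi
}

# Distributions backport fixes without bumping the upstream version, so the
# package changelog is where the CVE id shows up. apt-get changelog needs
# network access to the distribution's changelog server.
changelog_mentions_cve() {
    if command -v rpm >/dev/null 2>&1 &&
       rpm -q --changelog cairo 2>/dev/null | grep -q CVE-2020-35492; then
        return 0
    fi
    if command -v apt-get >/dev/null 2>&1 &&
       apt-get changelog libcairo2 2>/dev/null | grep -q CVE-2020-35492; then
        return 0
    fi
    return 1
}

# Exit 0 = fixed, 1 = vulnerable, 2 = cairo not found by any package tool.
main() {
    ver=$(installed_cairo_version)
    if [ -z "$ver" ]; then
        echo "cairo not found via pkg-config/dpkg/rpm; check bundled copies (Flatpak, Snap, containers, vendored builds) by hand"
        return 2
    fi
    if cairo_is_vulnerable "$ver"; then
        if changelog_mentions_cve; then
            echo "cairo $ver: older than $FIXED_VERSION, but the package changelog references CVE-2020-35492 (backported fix); restart applications if not done since the update"
            return 0
        fi
        echo "cairo $ver: VULNERABLE (older than $FIXED_VERSION, no backport found in the changelog)"
        return 1
    fi
    echo "cairo $ver: fixed ($FIXED_VERSION or later)"
    return 0
}

# Run with `sh cairo-check.sh check`; sourcing the file only defines the functions.
if [ "${1:-}" = check ]; then
    main
    exit $?
fi
```

A changelog hit only tells you the package was patched; it says nothing about processes that are still running the old mapping, and nothing about cairo copies inside Flatpak or Snap runtimes, container images or statically linked builds, which the package tools never see.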

📡 Detection & Monitoring

Log Indicators:

  • Kernel segfault reports ('segfault at ... error 6 in libcairo.so...') for applications that render images; the process name is the host application, but the kernel names the mapping that contained the faulting instruction, which is what ties the crash to cairo
  • glibc stack-protector aborts ('*** stack smashing detected ***') from the same applications, which is how a stack buffer overflow typically surfaces on hardened builds
  • systemd-coredump or abrt entries for image viewers, document viewers, thumbnailers or conversion services, especially clustered around the opening of one specific file

Network Indicators:

  • Unusual file uploads (unexpected formats, sizes or volumes) to web applications that render uploaded images or documents with cairo

SIEM Query:

(source="kernel_logs" AND "segfault at" AND "in libcairo.so") OR (source="application_logs" AND "stack smashing detected")

Filtering on a process name containing "cairo" does not work: cairo is a shared library, so the crashing process is the application that loaded it, and the only place the library is named is the kernel's segfault report.
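The log indicators above turned into a triage script over journal or dmesg text. This is an added example for this page, not a tool from cairo or a vendor. The lines in SAMPLE_LOG are constructed for the example, and the host name, process names, PIDs and addresses in them are invented; the kernel segfault line format and the glibc stack-protector message are the real ones. The script name and the 'sample'/'live' arguments are this example's convention.

```shell
#!/bin/sh
# cairo-crash-triage.sh (added example): pull the two host-side signals of a
# libcairo memory-corruption crash out of journal/dmesg text. Not part of
# cairo or any vendor tooling; SAMPLE_LOG is constructed for this example.

# A kernel segfault report names the process and the mapping that held the
# faulting instruction, so "in libcairo.so" ties the crash to cairo even
# though the process is the host application (evince, a thumbnailer, ...).
# On x86 the page-fault error code has bit 1 set for a write fault, which is
# what an out-of-bounds write looks like from the kernel's side.
# Output: one "process module fault-kind" line per matching log line.
cairo_segfaults() {
    awk '
        /segfault at .* in libcairo\.so/ {
            proc = "?"; err = 0; mod = "?"
            for (i = 1; i <= NF; i++) {
                if ($i == "segfault") proc = $(i - 1)
                if ($i == "error")    err  = $(i + 1) + 0
                if ($i == "in")       { mod = $(i + 1); sub(/\[.*/, "", mod) }
            }
            sub(/\[[0-9]+\]:$/, "", proc)
            kind = (err % 4 >= 2) ? "write" : "read"
            print proc, mod, kind
        }'
}

# glibc aborts a process whose stack canary was overwritten and prints this
# message on stderr, which reaches the journal for services and most desktop
# sessions. Output: the process name from the syslog-style "name[pid]:" tag.
stack_protector_aborts() {
    awk '
        /\*\*\* stack smashing detected \*\*\*/ {
            proc = "?"
            for (i = 1; i <= NF; i++)
                if ($i ~ /^[a-zA-Z0-9._-]+\[[0-9]+\]:$/) { proc = $i; sub(/\[[0-9]+\]:$/, "", proc) }
            print proc
        }'
}

# Constructed sample in journalctl format: one cairo crash (write fault), one
# unrelated crash in another library, one stack-protector abort, and noise.
# Host, process names, PIDs and addresses are invented.
SAMPLE_LOG=$(cat <<'EOF'
Mar 03 10:14:22 ws01 kernel: evince[4123]: segfault at 7ffd2c3e9000 ip 00007f1e4a2b1c30 sp 00007ffd2c3e8f40 error 6 in libcairo.so.2.11600.0[7f1e4a280000+110000]
Mar 03 10:14:23 ws01 systemd-coredump[4130]: Process 4123 (evince) of user 1000 dumped core.
Mar 03 10:20:01 ws01 kernel: firefox[5011]: segfault at 0 ip 00007f3c10a41e22 sp 00007ffe81d2a9b0 error 4 in libxul.so[7f3c0f800000+6400000]
Mar 03 10:31:07 ws01 inkscape[4801]: *** stack smashing detected ***: terminated
Mar 03 10:35:40 ws01 sshd[900]: Accepted publickey for ops from 10.0.0.5 port 50212 ssh2
EOF
)

report() {
    echo "== segfaults with the faulting instruction inside libcairo (process module fault-kind)"
    printf '%s\n' "$1" | cairo_segfaults
    echo "== stack-protector aborts (process)"
    printf '%s\n' "$1" | stack_protector_aborts
}

# `sh cairo-crash-triage.sh sample` runs on the constructed log,
# `sh cairo-crash-triage.sh live` on the last week of the local journal.
case "${1:-}" in
    sample) report "$SAMPLE_LOG" ;;
    live)   report "$(journalctl --since '7 days ago' --no-pager 2>/dev/null)" ;;
esac
```

The firefox line in the sample is deliberately left out of the result: it is a read fault in a different library, and that is exactly the noise a process-name filter would let through. Pair a hit with `coredumpctl info <pid>` to confirm the backtrace passes through libcairo before escalating, and note that the "segfault at" format is the x86 one; other architectures word the kernel report differently.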

🔗 References

  • https://bugzilla.redhat.com/show_bug.cgi?id=1898396
  • https://nvd.nist.gov/vuln/detail/CVE-2020-35492