Cairo WebKitGTK+ Document Processing Out-of-Bounds Stack-Memory Write Vulnerability



A vulnerability in the WebKitGTK+ component of Cairo could allow an unauthenticated, remote attacker to trigger an out-of-bounds stack-memory write condition on a targeted system.

The vulnerability is due to improper memory operations performed by the affected software during the processing of documents by the WebKitGTK+ component. These operations are related to the interaction between the _cairo_image_spans_and_zero function, as defined in the cairo-image-compositor.c file, and the generate and render_rows functions, as defined in the cairo-rectangular-scan-converter.c file. An attacker could exploit this vulnerability by persuading a user to access a document that submits malicious input to the targeted system. A successful exploit could trigger an out-of-bounds stack-memory write condition that the attacker could use to cause the affected software to crash, resulting in a denial of service (DoS) condition.

Cairo has not confirmed the vulnerability, and software updates are not available.

Security Impact Rating: Medium

CVE: CVE-2018-18064

Source:: Cisco Multivendor Vulnerability Alerts