pixman 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
公開された問題は バッファオーバーフロー、vendor risk memory corruption、vendor risk denial of service, and vendor risk integer handling に関連することが多く、vendor surface software deployment and vendor surface production workloads の文脈で アプリケーションクラッシュ and vendor impact memory corruption などの暴露リスクを伴う場合があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2023-37769 | stress-test master commit e4c878 was discovered to contain a FPE vulnerability via the component combine_inner at /pixman-combine-float.c. | [email protected] | 6.5 | 0.51% | 2023-07-17 | 2024-11-21 |
| CVE-2022-44638 | In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y. | [email protected] | 8.8 | 1.44% | 2022-11-03 | 2025-05-02 |
| CVE-2015-5297 | An integer overflow issue has been reported in the general_composite_rect() function in pixman prior to version 0.32.8. An attacker could exploit this issue to cause an application using pixman to crash or, potentially, execute arbitrary code. | [email protected] | 6.7 | 1.46% | 2019-07-31 | 2024-11-21 |
| CVE-2014-9766 | Integer overflow in the create_bits function in pixman-bits-image.c in Pixman before 0.32.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via large height and stride values. | [email protected] | 9.8 | 5.57% | 2016-04-13 | 2026-05-06 |
| CVE-2013-6425 | Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value. | [email protected] | 5.0 | 2.88% | 2014-01-18 | 2026-04-29 |
| CVE-2013-6424 | Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value. | [email protected] | 5.0 | 2.88% | 2014-01-18 | 2026-04-29 |