Source: cairo
Version: 1.18.4-1
Severity: important
Tags: security upstream
Forwarded: https://gitlab.freedesktop.org/cairo/cairo/-/merge_requests/621
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for cairo.

CVE-2025-50422[0]:
| An issue was discovered in freedesktop poppler v25.04.0. The heap
| memory containing PDF stream objects is not cleared upon program
| exit, allowing attackers to obtain sensitive PDF content via a
| memory dump.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-50422
    https://www.cve.org/CVERecord?id=CVE-2025-50422
[1] https://github.com/Landw-hub/CVE-2025-50422
[2] https://gitlab.freedesktop.org/poppler/poppler/-/issues/1591
[3] https://gitlab.freedesktop.org/cairo/cairo/-/merge_requests/621

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

