{"affected":[{"ecosystem_specific":{"binaries":[{"cairo-devel":"1.18.4-150600.3.3.1","libcairo-gobject2":"1.18.4-150600.3.3.1","libcairo-script-interpreter2":"1.18.4-150600.3.3.1","libcairo2":"1.18.4-150600.3.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15 SP6","name":"cairo","purl":"pkg:rpm/suse/cairo&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.18.4-150600.3.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"cairo-devel":"1.18.4-150600.3.3.1","libcairo-gobject2":"1.18.4-150600.3.3.1","libcairo-script-interpreter2":"1.18.4-150600.3.3.1","libcairo2":"1.18.4-150600.3.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15 SP7","name":"cairo","purl":"pkg:rpm/suse/cairo&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.18.4-150600.3.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libcairo2-32bit":"1.18.4-150600.3.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Desktop Applications 15 SP6","name":"cairo","purl":"pkg:rpm/suse/cairo&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.18.4-150600.3.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libcairo2-32bit":"1.18.4-150600.3.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Desktop Applications 15 SP7","name":"cairo","purl":"pkg:rpm/suse/cairo&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP7"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.18.4-150600.3.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"cairo-devel":"1.18.4-150600.3.3.1","cairo-devel-32bit":"1.18.4-150600.3.3.1","cairo-tools":"1.18.4-150600.3.3.1","libcairo-gobject2":"1.18.4-150600.3.3.1","libcairo-gobject2-32bit":"1.18.4-150600.3.3.1","libcairo-script-interpreter2":"1.18.4-150600.3.3.1","libcairo-script-interpreter2-32bit":"1.18.4-150600.3.3.1","libcairo2":"1.18.4-150600.3.3.1","libcairo2-32bit":"1.18.4-150600.3.3.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.6","name":"cairo","purl":"pkg:rpm/opensuse/cairo&distro=openSUSE%20Leap%2015.6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.18.4-150600.3.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for cairo fixes the following issues:\n\n- CVE-2025-50422: Fixed Poppler crash on malformed input (bsc#1247589)\n\n- Update to version 1.18.4:\n  + The dependency on LZO has been made optional through a build\n    time configuration toggle.\n  + You can build Cairo against a Freetype installation that does\n    not have the FT_Color type.\n  + Cairo tests now build on Solaris 11.4 with GCC 14.\n  + The DirectWrite backend now builds on MINGW 11.\n  + The DirectWrite backend now supports font variations and proper\n    glyph coverage.\n- Use tarball in lieu of source service due to freedesktop gitlab\n  migration, will switch back at next release at the latest.\n- Add pkgconfig(lzo2) BuildRequires: New optional dependency, build\n  lzo2 support feature.\n\n- Convert to source service: allows for easier upgrades by the\n  GNOME team.\n\n- Update to version 1.18.2:\n  + The malloc-stats code has been removed from the tests directory\n  + Cairo now requires a version of pixman equal to, or newer than,\n    0.40.\n  + There have been multiple build fixes for newer versions of GCC\n    for MSVC; for Solaris; and on macOS 10.7.\n  + PNG errors caused by loading malformed data are correctly\n    propagated to callers, so they can handle the case.\n  + Both stroke and fill colors are now set when showing glyphs on\n    a PDF surface.\n  + All the font options are copied when creating a fallback font\n    object.\n  + When drawing text on macOS, Cairo now tries harder to select\n    the appropriate font name.\n  + Cairo now prefers the COLRv1 table inside a font, if one is\n    available.\n  + Cairo requires a C11 toolchain when building.\n","id":"SUSE-SU-2025:03449-1","modified":"2025-10-02T07:15:18Z","published":"2025-10-02T07:15:18Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-202503449-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1247589"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-50422"}],"related":["CVE-2025-50422"],"summary":"Security update for cairo","upstream":["CVE-2025-50422"]}