Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

SUSE: Cairo Low Severity Malformed Input Fix 2025:03449-1

suse
Calendar Grey October 2, 2025
Dist Suse Esm H88
Update for Cairo addresses CVE-2025-50422 vulnerability with low severity, protecting against potential issues from malformed input.
* bsc#1247589 Cross-References: * CVE-2025-50422

Summary

## This update for cairo fixes the following issues: * CVE-2025-50422: Fixed Poppler crash on malformed input (bsc#1247589) * Update to version 1.18.4: * The dependency on LZO has been made optional through a build time configuration toggle. * You can build Cairo against a Freetype installation that does not have the FT_Color type. * Cairo tests now build on Solaris 11.4 with GCC 14. * The DirectWrite backend now builds on MINGW 11. * The DirectWrite backend now supports font variations and proper glyph coverage. * Use tarball in lieu of source service due to freedesktop gitlab migration, will switch back at next release at the latest. * Add pkgconfig(lzo2) BuildRequires: New optional dependency, build lzo2 support feature. * Convert to source service: allows for easier upgrades by the GNOME team. * Update to version 1.18.2:

Topics%20covered

Topics Covered

security advisory SuSE DoS low Cairo malformed input

References

* bsc#1247589

Cross-

* CVE-2025-50422

CVSS scores:

* CVE-2025-50422 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

* CVE-2025-50422 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

* CVE-2025-50422 ( NVD ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* Basesystem Module 15-SP6

* Basesystem Module 15-SP7

* Desktop Applications Module 15-SP6

* Desktop Applications Module 15-SP7

* openSUSE Leap 15.6

* SUSE Linux Enterprise Desktop 15 SP6

* SUSE Linux Enterprise Desktop 15 SP7

* SUSE Linux Enterprise Real Time 15 SP6

* SUSE Linux Enterprise Real Time 15 SP7

* SUSE Linux Enterprise Server 15 SP6

* SUSE Linux Enterprise Server 15 SP7

* SUSE Linux Enterprise Server for SAP Applications 15 SP6

* SUSE Linux Enterprise Server for SAP Applications 15 SP7

Severity
low
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2025:03449-1
Release Date: 2025-10-02T07:15:33Z
Rating: low

Topics%20covered

Topics Covered

security advisory SuSE DoS low Cairo malformed input

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here