Security update for cairo SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:03280-1 Final 1 1 2025-09-19T17:43:21Z current 2025-09-19T17:43:21Z 2025-09-19T17:43:21Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for cairo This update for cairo fixes the following issues: - CVE-2025-50422: NULL pointer access in `active_edges_to_traps()` can lead to crash in Poppler (bsc#1247589). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-3280,SUSE-SLE-Micro-5.3-2025-3280,SUSE-SLE-Micro-5.4-2025-3280,SUSE-SLE-Micro-5.5-2025-3280 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202503280-1/ Link for SUSE-SU-2025:03280-1 https://lists.suse.com/pipermail/sle-updates/2025-September/041787.html E-Mail link for SUSE-SU-2025:03280-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1247589 SUSE Bug 1247589 https://www.suse.com/security/cve/CVE-2025-50422/ SUSE CVE CVE-2025-50422 page SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Micro 5.4 SUSE Linux Enterprise Micro 5.5 cairo-devel-1.16.0-150400.11.9.1 cairo-devel-32bit-1.16.0-150400.11.9.1 cairo-devel-64bit-1.16.0-150400.11.9.1 cairo-tools-1.16.0-150400.11.9.1 libcairo-gobject2-1.16.0-150400.11.9.1 libcairo-gobject2-32bit-1.16.0-150400.11.9.1 libcairo-gobject2-64bit-1.16.0-150400.11.9.1 libcairo-script-interpreter2-1.16.0-150400.11.9.1 libcairo-script-interpreter2-32bit-1.16.0-150400.11.9.1 libcairo-script-interpreter2-64bit-1.16.0-150400.11.9.1 libcairo2-1.16.0-150400.11.9.1 libcairo2-32bit-1.16.0-150400.11.9.1 libcairo2-64bit-1.16.0-150400.11.9.1 libcairo-gobject2-1.16.0-150400.11.9.1 as a component of SUSE Linux Enterprise Micro 5.3 libcairo2-1.16.0-150400.11.9.1 as a component of SUSE Linux Enterprise Micro 5.3 libcairo-gobject2-1.16.0-150400.11.9.1 as a component of SUSE Linux Enterprise Micro 5.4 libcairo2-1.16.0-150400.11.9.1 as a component of SUSE Linux Enterprise Micro 5.4 libcairo-gobject2-1.16.0-150400.11.9.1 as a component of SUSE Linux Enterprise Micro 5.5 libcairo2-1.16.0-150400.11.9.1 as a component of SUSE Linux Enterprise Micro 5.5 Cairo through 1.18.4, as used in Poppler through 25.08.0, has an "unscaled->face == NULL" assertion failure for _cairo_ft_unscaled_font_fini in cairo-ft-font.c. CVE-2025-50422 SUSE Linux Enterprise Micro 5.3:libcairo-gobject2-1.16.0-150400.11.9.1 SUSE Linux Enterprise Micro 5.3:libcairo2-1.16.0-150400.11.9.1 SUSE Linux Enterprise Micro 5.4:libcairo-gobject2-1.16.0-150400.11.9.1 SUSE Linux Enterprise Micro 5.4:libcairo2-1.16.0-150400.11.9.1 SUSE Linux Enterprise Micro 5.5:libcairo-gobject2-1.16.0-150400.11.9.1 SUSE Linux Enterprise Micro 5.5:libcairo2-1.16.0-150400.11.9.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202503280-1/ https://www.suse.com/security/cve/CVE-2025-50422.html CVE-2025-50422 https://bugzilla.suse.com/1247589 SUSE Bug 1247589