CVE-2019-6247

Publication date 13 January 2019

Last updated 24 July 2024


Ubuntu priority

Negligible

Why this priority?

Cvss 3 Severity Score

8.8 · High

Score breakdown

An issue was discovered in Anti-Grain Geometry (AGG) 2.4 as used in SVG++ (aka svgpp) 1.2.3. A heap-based buffer overflow bug in svgpp_agg_render may lead to code execution. In the render_scanlines_aa_solid function, the blend_hline function is called repeatedly multiple times. blend_hline is equivalent to a loop containing write operations. Each call writes a piece of heap data, and multiple calls overwrite the data in the heap.

Read the notes from the security team

Status

Package Ubuntu Release Status
svgpp 19.04 disco Ignored
18.10 cosmic Ignored end of life
18.04 LTS bionic Ignored
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release

Notes


ebarretto

According to Debian: Issue only in src:svgpp which does not call the AGG-API in correct way. No security impact, only used to build example

Severity score breakdown

Parameter Value
Base score 8.8 · High
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Scope Unchanged
Confidentiality High
Integrity impact High
Availability impact High
Vector CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H