CVE-2019-6245
HIGH8.8EPSS 0.61%svgpp - security update
Published: 1/13/2019Modified: 4/28/2026
Description
An issue was discovered in Anti-Grain Geometry (AGG) 2.4 as used in SVG++ (aka svgpp) 1.2.3. In the function agg::cell_aa::not_equal, dx is assigned to (x2 - x1). If dx >= dx_limit, which is (16384 << poly_subpixel_shift), this function will call itself recursively. There can be a situation where (x2 - x1) is always bigger than dx_limit during the recursion, leading to continual stack consumption.
Affected packages (5)
- Debian/aggfrom 0, < 1:2.4-r127+dfsg1-1
- Debian/aggfrom 0, < 2.5+dfsg1-9+deb8u1
- Debian/aggfrom 0, < 2.5+dfsg1-11+deb9u1
- Debian/svgppfrom 0
- Debian/svgppfrom 0, < 1.2.3+dfsg1-6+deb10u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |