CVE-2019-6245
HIGH8.8EPSS 0.61%agg - security update
發布日:2019/1/13修改日:2026/4/28
也稱為:DEBIAN-CVE-2019-6245DLA-1656-1DLA-2872-1
描述
An issue was discovered in Anti-Grain Geometry (AGG) 2.4 as used in SVG++ (aka svgpp) 1.2.3. In the function agg::cell_aa::not_equal, dx is assigned to (x2 - x1). If dx >= dx_limit, which is (16384 << poly_subpixel_shift), this function will call itself recursively. There can be a situation where (x2 - x1) is always bigger than dx_limit during the recursion, leading to continual stack consumption.
受影響套件(5)
- Debian/aggfrom 0, < 1:2.4-r127+dfsg1-1
- Debian/aggfrom 0, < 2.5+dfsg1-9+deb8u1
- Debian/aggfrom 0, < 2.5+dfsg1-11+deb9u1
- Debian/svgppfrom 0
- Debian/svgppfrom 0, < 1.2.3+dfsg1-6+deb10u1
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |