Candidate: CVE-2019-6246
PublicDate: 2019-01-13 00:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6246
 https://github.com/svgpp/svgpp/issues/70
Description:
 An issue was discovered in SVG++ (aka svgpp) 1.2.3. After calling the
 gil::get_color function in Generic Image Library in Boost, the return code
 is used as an address, leading to an Access Violation because of an
 out-of-bounds read.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]


Patches_svgpp:
upstream_svgpp: released (1.2.3+dfsg1-5)
precise/esm_svgpp: DNE
trusty_svgpp: DNE
trusty/esm_svgpp: DNE
xenial_svgpp: DNE
bionic_svgpp: needed
cosmic_svgpp: ignored (reached end-of-life)
disco_svgpp: not-affected (1.2.3+dfsg1-5)
eoan_svgpp: not-affected (1.2.3+dfsg1-5)
focal_svgpp: not-affected (1.2.3+dfsg1-5)
groovy_svgpp: not-affected (1.2.3+dfsg1-5)
hirsute_svgpp: not-affected (1.2.3+dfsg1-5)
impish_svgpp: not-affected (1.2.3+dfsg1-5)
jammy_svgpp: not-affected (1.2.3+dfsg1-5)
devel_svgpp: not-affected (1.2.3+dfsg1-5)