Candidate: CVE-2019-6245
PublicDate: 2019-01-13 00:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6245
 https://github.com/svgpp/svgpp/issues/70
Description:
 An issue was discovered in Anti-Grain Geometry (AGG) 2.4 as used in SVG++
 (aka svgpp) 1.2.3. In the function agg::cell_aa::not_equal, dx is assigned
 to (x2 - x1). If dx >= dx_limit, which is (16384 << poly_subpixel_shift),
 this function will call itself recursively. There can be a situation where
 (x2 - x1) is always bigger than dx_limit during the recursion, leading to
 continual stack consumption.
Ubuntu-Description:
Notes:
 ebarretto> According to Debian: no security impact on svgpp, only used to
 ebarretto> build examples
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]


Patches_svgpp:
upstream_svgpp: needs-triage
precise/esm_svgpp: DNE
trusty_svgpp: DNE
trusty/esm_svgpp: DNE
xenial_svgpp: DNE
bionic_svgpp: ignored
cosmic_svgpp: ignored (reached end-of-life)
disco_svgpp: ignored
devel_svgpp: ignored

Patches_agg:
 upstream: https://sourceforge.net/p/agg/svn/119/
upstream_agg: released (1:2.4-r127+dfsg1-1)
precise/esm_agg: DNE
trusty_agg: DNE
trusty/esm_agg: DNE
xenial_agg: released (2.5+dfsg1-9+deb8u1build0.16.04.1)
bionic_agg: not-affected (1:2.4-r127+dfsg1-1)
cosmic_agg: not-affected (1:2.4-r127+dfsg1-1)
disco_agg: not-affected (1:2.4-r127+dfsg1-1)
devel_agg: not-affected (1:2.4-r127+dfsg1-1)