CVE-2019-6245

Priority
Description
An issue was discovered in Anti-Grain Geometry (AGG) 2.4 as used in SVG++
(aka svgpp) 1.2.3. In the function agg::cell_aa::not_equal, dx is assigned
to (x2 - x1). If dx >= dx_limit, which is (16384 << poly_subpixel_shift),
this function will call itself recursively. There can be a situation where
(x2 - x1) is always bigger than dx_limit during the recursion, leading to
continual stack consumption.
Notes
ebarrettoAccording to Debian: no security impact on svgpp, only used to
build examples
Package
Source: agg (LP Ubuntu Debian)
Upstream:released (1:2.4-r127+dfsg1-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (2.5+dfsg1-9+deb8u1build0.16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (1:2.4-r127+dfsg1-1)
Ubuntu 19.10 (Eoan Ermine):not-affected (1:2.4-r127+dfsg1-1)
Patches:
Upstream:https://sourceforge.net/p/agg/svn/119/
Package
Source: svgpp (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):ignored
Ubuntu 19.10 (Eoan Ermine):ignored
More Information

Updated: 2020-01-29 20:05:28 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)