CVE-2019-6247

Name of the Vulnerable Software and Affected Versions Anti-Grain Geometry (AGG) version 2.4 svgpp (aka svgpp) version 1.2.3

Description A heap-based buffer overflow bug in svgpp agg render may lead to code execution. The issue arises in the render scanlines aa solid function, where the blend hline function is called repeatedly, overwriting heap data. This is equivalent to a loop containing write operations, with each call writing a piece of heap data.

Recommendations For Anti-Grain Geometry (AGG) version 2.4, consider disabling the blend hline function as a temporary workaround until a patch is available. For svgpp (aka svgpp) version 1.2.3, restrict access to the svgpp agg render function to minimize the risk of exploitation.