PT-2019-18051 · Svgpp+3 · Svgpp+3
Ghost
·
Published
2019-01-13
·
Updated
2023-06-19
·
CVE-2019-6246
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
svgpp version 1.2.3
Description
An issue was discovered in the Generic Image Library in Boost, where after calling the
gil::get color function, the return code is used as an address. This leads to an Access Violation due to an out-of-bounds read.Recommendations
For svgpp version 1.2.3, consider restricting the use of the
gil::get color function until a patch is available. As a temporary workaround, review the code to ensure that the return code from gil::get color is properly validated before being used as an address.Exploit
Fix
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Boost
Linuxmint
Ubuntu
Svgpp