PT-2019-18052 · Agg+2 · Anti-Grain Geometry+2
Ghost
·
Published
2019-01-13
·
Updated
2023-04-01
·
CVE-2019-6247
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Anti-Grain Geometry (AGG) version 2.4
svgpp (aka svgpp) version 1.2.3
Description
A heap-based buffer overflow bug in
svgpp agg render may lead to code execution. The issue arises in the render scanlines aa solid function, where the blend hline function is called repeatedly, overwriting heap data. This is equivalent to a loop containing write operations, with each call writing a piece of heap data.Recommendations
For Anti-Grain Geometry (AGG) version 2.4, consider disabling the
blend hline function as a temporary workaround until a patch is available.
For svgpp (aka svgpp) version 1.2.3, restrict access to the svgpp agg render function to minimize the risk of exploitation.Exploit
Fix
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Anti-Grain Geometry
Debian
Svgpp