SB2019011319 - Multiple vulnerabilities in SVG++

Description

This security bulletin contains information about 3 vulnerabilities.

1) Out-of-bounds read (CVE-ID: CVE-2019-6246)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the gil::get_color() function in Generic Image Library in Boost. A remote attacker can trigger an out-of-bounds read error and read contents of memory on the system.

2) Heap-based buffer overflow (CVE-ID: CVE-2019-6247)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the render_scanlines_aa_solid() function. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

3) Stack-based buffer overflow (CVE-ID: CVE-2019-6245)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the agg::cell_aa::not_equal() function when drawing long lines. A remote attacker can trigger stack overflow and crash the application.

Remediation

Install update from vendor's website.

References

• https://github.com/svgpp/svgpp/issues/70
• https://lists.debian.org/debian-lts-announce/2023/04/msg00001.html
• https://lists.debian.org/debian-lts-announce/2019/02/msg00001.html
• https://lists.debian.org/debian-lts-announce/2021/12/msg00038.html
• https://sourceforge.net/p/agg/svn/119/