CVE-2019-6462

Published: 16 January 2019

An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized.

Notes

Author Note
mdeslaur as of 2020-11-26, no upstream fix
rodrigo-zaiden upstream merged a commit on Aug/2021 and closed the issue on Dec/2021.

Priority

Low

CVSS 3 Severity Score

6.5

Status

Package Release Status
cairo (Launchpad, Ubuntu, Debian)
hirsute Ignored (end of life)
kinetic Ignored (end of life, was needs-triage)
focal Needs triage
jammy Needs triage
xenial Released (1.14.6-1ubuntu0.1~esm1), available with Ubuntu Pro or Ubuntu Pro (Infra-only)
impish Ignored (end of life)
bionic Needs triage
cosmic Ignored (end of life)
disco Ignored (end of life)
eoan Ignored (end of life)
groovy Ignored (end of life)
lunar Needs triage
trusty Does not exist (trusty was deferred [2020-11-26])
upstream Released (1.17.6)
mantic Needs triage

Patches:
upstream: https://gitlab.freedesktop.org/cairo/cairo/-/commit/ab2c5ee21e5f3d3ee4b3f67cfcd5811a4f99c3a0

Severity score breakdown

Parameter Value
Base score 6.5
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact High
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H