Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2019-6462

Published: 16 January 2019

An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized.

Notes

AuthorNote
mdeslaur
as of 2020-11-26, no upstream fix
rodrigo-zaiden
upstream merged a commit on Aug/2021 and closed the issue on
Dec/2021.

Priority

Low

Cvss 3 Severity Score

6.5

Score breakdown

Status

Package Release Status
cairo
Launchpad, Ubuntu, Debian
bionic Needs triage

cosmic Ignored
(end of life)
disco Ignored
(end of life)
eoan Ignored
(end of life)
focal Needs triage

groovy Ignored
(end of life)
hirsute Ignored
(end of life)
impish Ignored
(end of life)
jammy Needs triage

kinetic Ignored
(end of life, was needs-triage)
lunar Ignored
(end of life, was needs-triage)
mantic Needs triage

noble Needs triage

trusty Does not exist
(trusty was deferred [2020-11-26])
upstream
Released (1.17.6)
xenial
Released (1.14.6-1ubuntu0.1~esm1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
Patches:
upstream: https://gitlab.freedesktop.org/cairo/cairo/-/commit/ab2c5ee21e5f3d3ee4b3f67cfcd5811a4f99c3a0

Severity score breakdown

Parameter Value
Base score 6.5
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact High
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H