CVE-2019-6462

Name: CVE-2019-6462
Description: An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 929945

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| cairo (PTS) | bullseye | 1.16.0-5 | vulnerable |
| cairo | bookworm | 1.16.0-7 | vulnerable |
| cairo | sid, trixie | 1.18.0-3 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| cairo | source | experimental | 1.17.8-1 | | | |
| cairo | source | (unstable) | 1.17.8-3 | low | | 929945 |

Notes

[bookworm] - cairo <ignored> (Minor issue)
[bullseye] - cairo <ignored> (Minor issue)
[buster] - cairo <ignored> (Minor issue)
[stretch] - cairo <no-dsa> (Minor issue)
[jessie] - cairo <no-dsa> (Minor issue)
https://gitlab.freedesktop.org/cairo/cairo/issues/353
Per upstream seems fixed in latest release, although it was never pinpointed
which change exactly fixes it (and it's also not worth tracking down for older
releases)
