CVE-2019-6462 (https://nvd.nist.gov/vuln/detail/CVE-2019-6462):
An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized.

CVE-2019-6461 (https://nvd.nist.gov/vuln/detail/CVE-2019-6461):
An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c.
(In reply to GLSAMaker/CVETool Bot from comment #0)
> CVE-2019-6462 (https://nvd.nist.gov/vuln/detail/CVE-2019-6462):
> An issue was discovered in cairo 1.16.0. There is an infinite loop in the
> function _arc_error_normalized in the file cairo-arc.c, related to
> _arc_max_angle_for_tolerance_normalized.

https://gitlab.freedesktop.org/cairo/cairo/-/issues/353

> CVE-2019-6461 (https://nvd.nist.gov/vuln/detail/CVE-2019-6461):
> An issue was discovered in cairo 1.16.0. There is an assertion problem in
> the function _cairo_arc_in_direction in the file cairo-arc.c.

https://gitlab.freedesktop.org/cairo/cairo/-/issues/352

Still no movement upstream
(In reply to John Helmert III from comment #1)
> (In reply to GLSAMaker/CVETool Bot from comment #0)
> > CVE-2019-6462 (https://nvd.nist.gov/vuln/detail/CVE-2019-6462):
> > An issue was discovered in cairo 1.16.0. There is an infinite loop in the
> > function _arc_error_normalized in the file cairo-arc.c, related to
> > _arc_max_angle_for_tolerance_normalized.
>
> https://gitlab.freedesktop.org/cairo/cairo/-/issues/353
>

This one is fixed now (not yet in a release, but merged): https://gitlab.freedesktop.org/cairo/cairo/-/merge_requests/155. Other isn't.
(In reply to Sam James from comment #2)
> (In reply to John Helmert III from comment #1)
> > (In reply to GLSAMaker/CVETool Bot from comment #0)
> > > CVE-2019-6462 (https://nvd.nist.gov/vuln/detail/CVE-2019-6462):
> > > An issue was discovered in cairo 1.16.0. There is an infinite loop in the
> > > function _arc_error_normalized in the file cairo-arc.c, related to
> > > _arc_max_angle_for_tolerance_normalized.
> >
> > https://gitlab.freedesktop.org/cairo/cairo/-/issues/353
> >
> > This one is fixed now (not yet in a release, but merged):
> https://gitlab.freedesktop.org/cairo/cairo/-/merge_requests/155.

Released in 1.17.6.
(In reply to John Helmert III from comment #1)
> > CVE-2019-6461 (https://nvd.nist.gov/vuln/detail/CVE-2019-6461):
> > An issue was discovered in cairo 1.16.0. There is an assertion problem in
> > the function _cairo_arc_in_direction in the file cairo-arc.c.
>
> https://gitlab.freedesktop.org/cairo/cairo/-/issues/352

Fixed in 1.18.0.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a1706f49e1fd8c1605c4af96774563e3da549fd4

commit a1706f49e1fd8c1605c4af96774563e3da549fd4
Author: Matt Turner <mattst88@gentoo.org>
AuthorDate: 2023-12-02 16:22:03 +0000
Commit: Matt Turner <mattst88@gentoo.org>
CommitDate: 2023-12-02 16:22:05 +0000

x11-libs/cairo: Drop old versions

Bug: https://bugs.gentoo.org/717778
Signed-off-by: Matt Turner <mattst88@gentoo.org>

x11-libs/cairo/Manifest | 1 -
x11-libs/cairo/cairo-1.17.8.ebuild | 100 -------------------
.../1.17.8-tee-Fix-cairo-wrapper-functions.patch | 109 ---------------------
3 files changed, 210 deletions(-)
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=0897de043b952b959cced19df113deece9669a85

commit 0897de043b952b959cced19df113deece9669a85
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-08-07 11:19:32 +0000
Commit: Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-08-07 11:19:41 +0000

[ GLSA 202408-09 ] Cairo: Multiple Vulnerabilities

Bug: https://bugs.gentoo.org/717778
Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
Signed-off-by: Hans de Graaff <graaff@gentoo.org>

glsa-202408-09.xml | 43 +++++++++++++++++++++++++++++++++++++++++++
1 file changed, 43 insertions(+)