| Summary: | x11-libs/cairo: Multiple vulnerabilities (CVE-2019-{6461,6462}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | IN_PROGRESS --- | | |
| Severity: | normal | CC: | pavol.cupka, x11 |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | A3 [upstream cve] | | |
| Package list: | | Runtime testing required: | --- |

Description
GLSAMaker/CVETool Bot
(In reply to GLSAMaker/CVETool Bot from comment #0)
> CVE-2019-6462 (https://nvd.nist.gov/vuln/detail/CVE-2019-6462):
> An issue was discovered in cairo 1.16.0. There is an infinite loop in the
> function _arc_error_normalized in the file cairo-arc.c, related to
> _arc_max_angle_for_tolerance_normalized.

https://gitlab.freedesktop.org/cairo/cairo/-/issues/353

> CVE-2019-6461 (https://nvd.nist.gov/vuln/detail/CVE-2019-6461):
> An issue was discovered in cairo 1.16.0. There is an assertion problem in
> the function _cairo_arc_in_direction in the file cairo-arc.c.

https://gitlab.freedesktop.org/cairo/cairo/-/issues/352

Still no movement upstream

(In reply to John Helmert III from comment #1)
> (In reply to GLSAMaker/CVETool Bot from comment #0)
> > CVE-2019-6462 (https://nvd.nist.gov/vuln/detail/CVE-2019-6462):
> > An issue was discovered in cairo 1.16.0. There is an infinite loop in the
> > function _arc_error_normalized in the file cairo-arc.c, related to
> > _arc_max_angle_for_tolerance_normalized.
>
> https://gitlab.freedesktop.org/cairo/cairo/-/issues/353

This one is fixed now (not yet in a release, but merged): https://gitlab.freedesktop.org/cairo/cairo/-/merge_requests/155. Other isn't.