CVE-2019-6462 - An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normal

CVE-2019-6462

Summary

An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized.

References

https://github.com/TeamSeri0us/pocs/tree/master/gerbv
https://gitlab.freedesktop.org/cairo/cairo/issues/353
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E

Vulnerable Configurations

cpe:2.3:a:cairographics:cairo:1.16.0:*:*:*:*:*:*:*
cpe:2.3:a:cairographics:cairo:1.16.0:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 04-03-2021 - 17:31)
Impact:
Exploitability:

CWE

CWE-835

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:P

refmap via4

misc

https://github.com/TeamSeri0us/pocs/tree/master/gerbv
https://gitlab.freedesktop.org/cairo/cairo/issues/353

Last major update

04-03-2021 - 17:31

Published

16-01-2019 - 18:29

Last modified

04-03-2021 - 17:31