USN-6178-1

Source

https://ubuntu.com/security/notices/USN-6178-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-6178-1.json

Related

Published

2023-06-19T18:38:42.872405Z

Modified

2023-06-19T18:38:42.872405Z

Summary

Several security issues were fixed in SVG++ library

Details

It was discovered that in SVG++ library that the demo application incorrectly managed memory resulting in a memory access violation under certain circumstances. An attacker could possibly use this issue to leak memory information or run a denial of service attack. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-6246)

It was discovered that in SVG++ library that the demo application incorrectly handled null pointers under certain circumstances. An attacker could possibly use this issue to cause denial of service, leak memory information or manipulate program execution flow. (CVE-2021-44960)

References

Affected packages

Ubuntu:22.04:LTS / svgpp

Package

Name: svgpp

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.3.0+dfsg1-3ubuntu2.22.04.1

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "libsvgpp-doc": "1.3.0+dfsg1-3ubuntu2.22.04.1",
            "libsvgpp-dev": "1.3.0+dfsg1-3ubuntu2.22.04.1"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / svgpp

Package

Name: svgpp

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.2.3+dfsg1-3ubuntu1+esm1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "libsvgpp-doc": "1.2.3+dfsg1-3ubuntu1+esm1",
            "libsvgpp-dev": "1.2.3+dfsg1-3ubuntu1+esm1"
        }
    ]
}