USN-6178-1

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/notices/USN-6178-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6178-1.json

JSON Data

https://api.test.osv.dev/v1/vulns/USN-6178-1

Related

Published

2023-06-19T18:38:42.872405Z

Modified

2023-06-19T18:38:42.872405Z

Summary

Several security issues were fixed in SVG++ library

Details

It was discovered that in SVG++ library that the demo application incorrectly managed memory resulting in a memory access violation under certain circumstances. An attacker could possibly use this issue to leak memory information or run a denial of service attack. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-6246)

It was discovered that in SVG++ library that the demo application incorrectly handled null pointers under certain circumstances. An attacker could possibly use this issue to cause denial of service, leak memory information or manipulate program execution flow. (CVE-2021-44960)

References

Affected packages

Ubuntu:Pro:18.04:LTS / svgpp

Package

Name: svgpp
Purl: pkg:deb/ubuntu/svgpp@1.2.3+dfsg1-3ubuntu1+esm1?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.3+dfsg1-3ubuntu1+esm1

Affected versions

1.*

1.2.3+dfsg1-3

1.2.3+dfsg1-3ubuntu1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "1.2.3+dfsg1-3ubuntu1+esm1",
            "binary_name": "libsvgpp-dev"
        },
        {
            "binary_version": "1.2.3+dfsg1-3ubuntu1+esm1",
            "binary_name": "libsvgpp-doc"
        }
    ]
}

Ubuntu:22.04:LTS / svgpp

Package

Name: svgpp
Purl: pkg:deb/ubuntu/svgpp@1.3.0+dfsg1-3ubuntu2.22.04.1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.3.0+dfsg1-3ubuntu2.22.04.1

Affected versions

1.*

1.3.0+dfsg1-3ubuntu2

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "1.3.0+dfsg1-3ubuntu2.22.04.1",
            "binary_name": "libsvgpp-dev"
        },
        {
            "binary_version": "1.3.0+dfsg1-3ubuntu2.22.04.1",
            "binary_name": "libsvgpp-doc"
        }
    ]
}