Bug 1669629 (CVE-2019-6461)

Summary: CVE-2019-6461 cairo: assertion problem in _cairo_arc_in_direction in cairo-arc.c
Product: [Other] Security Response Reporter: Laura Pardo <lpardo>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: abhgupta, dbaker, erack, jhorak, jokerman, mdogra, otte, rh-spice-bugs, scorneli, sthangav, stransky, trankin
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in Cairo due to an assertion flaw in the _cairo_arc_in_direction function within cairo-arc.c, where an attacker can exploit the issue by convincing a victim to open a specially crafted file, which could trigger the assertion failure and cause the application to crash, resulting in a denial of service.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2021-10-27 03:24:01 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1669630, 1669631, 1669632, 1686526, 1686530, 1686532    
Bug Blocks: 1669633    

Description Laura Pardo 2019-01-25 19:56:22 UTC 
An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c.


References:
https://gitlab.freedesktop.org/cairo/cairo/issues/352
Comment 1 Laura Pardo 2019-01-25 19:56:48 UTC 
Created cairo tracking bugs for this issue:

Affects: fedora-all [bug 1669630]


Created mingw-cairo tracking bugs for this issue:

Affects: epel-7 [bug 1669632]
Affects: fedora-all [bug 1669631]
Comment 2 Dave Baker 2019-02-28 15:57:51 UTC 
Confirmed present in cairo < 1.16.0, here specifically checking v1.15.12 used in the OCP mediawiki container 
https://gitlab.freedesktop.org/cairo/cairo/blob/1.15.12/src/cairo-arc.c#L189
Comment 7 Stefan Cornelius 2019-03-14 10:34:22 UTC 
Statement:

This issue affects the versions of cairo as shipped with Red Hat Enterprise Linux 7.

This issue did not affect the versions of cairo as shipped with Red Hat Enterprise Linux 5 and 6.
Comment 12 Red Hat Bugzilla 2025-01-09 04:25:02 UTC 
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days