CVE-2019-6247
Description
An issue was discovered in Anti-Grain Geometry (AGG) 2.4 as used in SVG++ (aka svgpp) 1.2.3. A heap-based buffer overflow bug in svgpp_agg_render may lead to code execution. In the render_scanlines_aa_solid function, the blend_hline function is called repeatedly multiple times. blend_hline is equivalent to a loop containing write operations. Each call writes a piece of heap data, and multiple calls overwrite the data in the heap.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Heap-buffer-overflow in SVG++'s render_scanlines_aa_solid function allows code execution via crafted input.
Vulnerability
An heap-based buffer overflow exists in SVG++ (svgpp) version 1.2.3, incorporating Anti-Grain Geometry (AGG) 2.4. In the render_scanlines_aa_solid function, blend_hline is called repeatedly; each call writes to heap memory, and multiple calls overwrite adjacent heap data, leading to a buffer overflow [1].
Exploitation
An attacker must supply a crafted SVG file that triggers the vulnerable rendering path. The blend_hline function is invoked in a loop within render_scanlines_aa_solid, and each invocation writes a portion of heap data. Successive calls overwrite heap memory beyond the allocated buffer, causing the overflow [1].
Impact
Successful exploitation can result in arbitrary code execution. The heap overflow allows overwriting critical data structures, potentially granting the attacker control over the process [1].
Mitigation
No patched version was available as of the publication date (2019-01-13). Users should avoid processing untrusted SVG files with svgpp and monitor the project for updates [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
0No linked articles in our index yet.