Debian 9819 Published by

A svgpp security update has been released for Debian GNU/Linux 10 LTS to address multiple security issues.

DLA 3376-1: svgpp security update

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3376-1 Anton Gladky
March 31, 2023
- -------------------------------------------------------------------------

Package : svgpp
Version : 1.2.3+dfsg1-6+deb10u1
CVE ID : CVE-2019-6245 CVE-2019-6247 CVE-2021-44960

Multiple security issues were discovered in svgpp: a C++ library for parsing and
rendering Scalable Vector Graphics (SVG) files.

The XMLDocument::getRoot function in the renderDocument function handled the
XMLDocument object improperly. Specifically, it returned a null pointer
prematurely at the second if statement, resulting in a null pointer
reference behind the renderDocument function.

CVE-2019-6245 and CVE-2019-6247:
issues were discovered in Anti-Grain Geometry (AGG) within the function
agg::cell_aa::not_equal. Since svgpp is a header-only library, the issue is
only transitive in theory. As a result, only a dependency version hardening
has been added to the control file.

For Debian 10 buster, these problems have been fixed in version

We recommend that you upgrade your svgpp packages.

For the detailed security status of svgpp please refer to
its security tracker page at:

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: