CVE-2019-5086

EUVD-2019-14691
An exploitable integer overflow vulnerability exists in the flattenIncrementally function in the xcf2png and xcf2pnm binaries of xcftools, version 1.0.7. An integer overflow can occur while walking through tiles that could be exploited to corrupt memory and execute arbitrary code. In order to trigger this vulnerability, a victim would need to open a specially crafted XCF file.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 8.8 HIGH | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| talos | CNA | 7.5 HIGH | NETWORK | HIGH | NONE | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |

EPSS Score percentile: 42%

Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| xcftools_project | xcftools | 1.0.7 |
| debian | debian_linux | 9.0 |

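Ubuntu Releases

| Ubuntu Product | Codename | Status |
|---|---|---|
| xcftools | bionic | Fixed 1.0.7-6ubuntu0.1 (released) |
| xcftools | disco | ignored |
| xcftools | eoan | ignored |
| xcftools | focal | Fixed 1.0.7-6ubuntu0.20.04.1 (released) |
| xcftools | groovy | ignored |
| xcftools | hirsute | dne |
| xcftools | impish | dne |
| xcftools | jammy | dne |
| xcftools | kinetic | dne |
| xcftools | lunar | dne |
| xcftools | trusty | dne |
| xcftools | xenial | Fixed 1.0.7-5ubuntu0.1~esm1 (released) |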