Vulnerability Details CVE-2019-5086
An exploitable integer overflow vulnerability exists in the flattenIncrementally function in the xcf2png and xcf2pnm binaries of xcftools, version 1.0.7. An integer overflow can occur while walking through tiles that could be exploited to corrupt memory and execute arbitrary code. In order to trigger this vulnerability, a victim would need to open a specially crafted XCF file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.9%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 6.8
References
- https://lists.debian.org/debian-lts-announce/2021/02/msg00014.html
- https://lists.debian.org/debian-lts-announce/2021/03/msg00008.html
- https://talosintelligence.com/vulnerability_reports/TALOS-2019-0878
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0878
- https://lists.debian.org/debian-lts-announce/2021/02/msg00014.html
- https://lists.debian.org/debian-lts-announce/2021/03/msg00008.html
- https://talosintelligence.com/vulnerability_reports/TALOS-2019-0878
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0878
Products affected by CVE-2019-5086
-
cpe:2.3:a:xcftools_project:xcftools:1.0.7
-
cpe:2.3:o:debian:debian_linux:9.0