PT-2009-4627 · Xcftools · Xcftools

Jörgen Grahn · Published 2009-06-23 · Updated 2011-01-04 · CVE-2009-2175

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions: xcftools version 1.0.4

Description: The issue is related to a stack-based buffer overflow in the flattenIncrementally function, which can be triggered by crafted images that cause a conversion to a location outside the canvas boundaries. This can lead to a denial of service (crash) and potentially allow the execution of arbitrary code. The flattenIncrementally function is reachable through the xcf2pnm and xcf2png utilities.

Recommendations: For xcftools version 1.0.4, consider avoiding the use of crafted images that may cause conversions outside the canvas boundaries until a patch is available. As a temporary workaround, restrict the use of the xcf2pnm and xcf2png utilities to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2009-2175

Affected Products

Xcftools