PT-2019-17468 · Gimp+2 · Xcftools+2

Claudio Bozzato

·

Published

2019-11-21

·

Updated

2023-03-29

·

CVE-2019-5087

CVSS v3.1

8.8

High

Vector AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: xcftools version 1.0.7
Description: An integer overflow vulnerability exists in the flattenIncrementally function in the xcf2png and xcf2pnm binaries. This vulnerability can occur while calculating the row's allocation size, potentially allowing memory corruption and arbitrary code execution. A victim would need to open a specially crafted XCF file to trigger this issue.
Recommendations: For version 1.0.7, consider disabling the flattenIncrementally function as a temporary workaround until a patch is available. Restrict access to the xcf2png and xcf2pnm binaries to minimize the risk of exploitation. Avoid opening specially crafted XCF files with the affected binaries until the issue is resolved.
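The weakness class described above (a row allocation size computed from attacker-controlled image dimensions that can wrap) is illustrated below with an added, constructed example. This is not xcftools code and does not reproduce its flattenIncrementally logic; the function names, the 32-bit naive computation and the MAX_IMAGE_DIMENSION bound are assumptions chosen for illustration. It contrasts an unchecked multiplication with one that rejects wrap-around before any buffer is allocated.

```c
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>

/* Assumed sanity bound on either image dimension; not a value from xcftools. */
#define MAX_IMAGE_DIMENSION (1u << 24)

/* Naive row size, written the way a 32-bit-only computation would be:
 * the product wraps modulo 2^32, so an oversized width paired with a
 * multi-byte pixel format can yield a buffer far smaller than the
 * rows later written into it. */
uint32_t naive_row_size(uint32_t width, uint32_t bytes_per_pixel)
{
    return width * bytes_per_pixel;   /* may wrap silently */
}

/* Checked row size: returns the byte count of one row, or 0 when the
 * dimensions are out of range or the multiplication would overflow
 * size_t. Zero is unambiguous here because zero-sized inputs are
 * themselves rejected. */
size_t checked_row_size(uint32_t width, uint32_t bytes_per_pixel)
{
    size_t product;

    if (width == 0 || bytes_per_pixel == 0 || width > MAX_IMAGE_DIMENSION)
        return 0;

#if defined(__GNUC__) || defined(__clang__)
    /* Compiler builtin reports wrap-around instead of truncating. */
    if (__builtin_mul_overflow((size_t)width, (size_t)bytes_per_pixel, &product))
        return 0;
#else
    /* Portable fallback: check the bound before multiplying. */
    if ((size_t)width > SIZE_MAX / (size_t)bytes_per_pixel)
        return 0;
    product = (size_t)width * (size_t)bytes_per_pixel;
#endif
    return product;
}

/* Allocate one output row only after the size has been validated;
 * returns NULL on any failure so the caller cannot proceed with a
 * buffer whose length does not match the row it will hold. */
unsigned char *alloc_row(uint32_t width, uint32_t bytes_per_pixel)
{
    size_t n = checked_row_size(width, bytes_per_pixel);
    if (n == 0)
        return NULL;
    return calloc(n, 1);
}

int main(void)
{
    /* Constructed dimensions: a plausible row, then an oversized width. */
    printf("640x4 naive=%u checked=%zu\n",
           naive_row_size(640, 4), checked_row_size(640, 4));
    printf("0x40000000x4 naive=%u checked=%zu\n",
           naive_row_size(0x40000000u, 4), checked_row_size(0x40000000u, 4));
    unsigned char *row = alloc_row(640, 4);
    printf("alloc_row(640,4) %s\n", row ? "ok" : "rejected");
    free(row);
    return 0;
}
```

The second printed line shows the failure mode the advisory describes: the naive product for a width of 0x40000000 and four bytes per pixel wraps to 0, while the checked version refuses the dimensions outright. Reviewing a parser for this pattern means looking for every place a size is derived from file-supplied dimensions and confirming it is bounds-checked or computed with an overflow-reporting primitive before it reaches an allocator.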

Exploit

Fix

Memory Corruption

Integer Overflow

Weakness Enumeration

Related Identifiers

CVE-2019-5087
DLA-2553-1
DLA-2553-2
USN-5988-1

Affected Products

Linuxmint
Ubuntu
Xcftools