Vulnerability Description
An exploitable integer overflow vulnerability exists in the flattenIncrementally function in the xcf2png and xcf2pnm binaries of xcftools, version 1.0.7. An integer overflow can occur while walking through tiles that could be exploited to corrupt memory and execute arbitrary code. In order to trigger this vulnerability, a victim would need to open a specially crafted XCF file.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xcftools Project | Xcftools | 1.0.7 |
| Debian | Debian Linux | 9.0 |
Related Weaknesses (CWE)
References
- https://lists.debian.org/debian-lts-announce/2021/02/msg00014.htmlMailing ListThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2021/03/msg00008.htmlMailing ListThird Party Advisory
- https://talosintelligence.com/vulnerability_reports/TALOS-2019-0878ExploitThird Party Advisory
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0878ExploitThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2021/02/msg00014.htmlMailing ListThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2021/03/msg00008.htmlMailing ListThird Party Advisory
- https://talosintelligence.com/vulnerability_reports/TALOS-2019-0878ExploitThird Party Advisory
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0878ExploitThird Party Advisory
FAQ
What is CVE-2019-5086?
CVE-2019-5086 is a vulnerability with a CVSS score of 8.8 (HIGH). An exploitable integer overflow vulnerability exists in the flattenIncrementally function in the xcf2png and xcf2pnm binaries of xcftools, version 1.0.7. An integer overflow can occur while walking th...
How severe is CVE-2019-5086?
CVE-2019-5086 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-5086?
Check the references section above for vendor advisories and patch information. Affected products include: Xcftools Project Xcftools, Debian Debian Linux.