Vulnerability CVE-2019-5086


Published: 2019-11-21   Modified: 2019-11-24

Description:
An exploitable integer overflow vulnerability exists in the flattenIncrementally function in the xcf2png and xcf2pnm binaries of xcftools, version 1.0.7. An integer overflow can occur while walking through tiles that could be exploited to corrupt memory and execute arbitrary code. In order to trigger this vulnerability, a victim would need to open a specially crafted XCF file.

Type:

CWE-190

(Integer Overflow or Wraparound)

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.4/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Xcftools project -> Xcftools 

 References:
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0878
https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0878

Copyright 2024, cxsecurity.com

 

Back to Top