CVE-2019-5086

Sažetak

An exploitable integer overflow vulnerability exists in the flattenIncrementally function in the xcf2png and xcf2pnm binaries of xcftools, version 1.0.7. An integer overflow can occur while walking through tiles that could be exploited to corrupt memory and execute arbitrary code. In order to trigger this vulnerability, a victim would need to open a specially crafted XCF file.

Reference

https://talosintelligence.com/vulnerability_reports/TALOS-2019-0878
https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0878
https://lists.debian.org/debian-lts-announce/2021/02/msg00014.html
https://lists.debian.org/debian-lts-announce/2021/03/msg00008.html

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

21-06-2022 - 19:22

Objavljeno

21-11-2019 - 16:15