
CVE-2019-5086

HIGH
8.8

Description

An exploitable integer overflow vulnerability exists in the flattenIncrementally function in the xcf2png and xcf2pnm binaries of xcftools, version 1.0.7. An integer overflow can occur while walking through tiles that could be exploited to corrupt memory and execute arbitrary code. In order to trigger this vulnerability, a victim would need to open a specially crafted XCF file.

CVE Details

CVSS v3.1 score: 8.8
Severity: HIGH
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: REQUIRED
Published: 11/21/2019
Last modified: 11/21/2024
Source: nvd
Honeypot sightings: 0

Affected products

debian:debian_linux
xcftools_project:xcftools

Weaknesses (CWE)

CWE-680
CWE-190
CWE-787

IOC correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.