Candidate: CVE-2019-5087
PublicDate: 2019-11-21 16:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5087
 https://talosintelligence.com/vulnerability_reports/TALOS-2019-0879
 https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0879
Description:
 An exploitable integer overflow vulnerability exists in the flattenIncrementally
 function in the xcf2png and xcf2pnm binaries of xcftools 1.0.7. An integer
 overflow can occur while calculating the row's allocation size, which could be
 exploited to corrupt memory and eventually execute arbitrary code. In order to
 trigger this vulnerability, a victim would need to open a specially crafted XCF
 file.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to: pfsmorigo
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]

Patches_xcftools:
upstream_xcftools: needs-triage
precise/esm_xcftools: DNE
trusty_xcftools: ignored (out of standard support)
trusty/esm_xcftools: DNE
xenial_xcftools: ignored (end of standard support, was needs-triage)
bionic_xcftools: needs-triage
disco_xcftools: ignored (reached end-of-life)
eoan_xcftools: ignored (reached end-of-life)
focal_xcftools: needs-triage
groovy_xcftools: ignored (reached end-of-life)
hirsute_xcftools: DNE
impish_xcftools: DNE
jammy_xcftools: DNE
devel_xcftools: DNE