Vulnerability Spotlight: Two remote code execution vulnerabilities in Xcftools

Claudio Bozzato of Cisco Talos discovered these vulnerabilities.

Xcftools contains two remote code execution vulnerabilities in its flattenIncrementally function. Xcftools is a set of tools for handling Gimp’s XCF files. The software provides tools to extract information from an XCF file and to convert XCF files into PNG or PNM files. An attacker could exploit these bugs by tricking a user into opening a specially crafted XCF file.

Cisco Talos is disclosing these vulnerabilities after xcftools failed to patch them per Cisco’s 90-day deadline. Read more about the Cisco vulnerability disclosure policy here.

Vulnerability details

xcftools flattenIncrementally tiles walk code execution vulnerability (TALOS-2019-0878/CVE-2019-5086)

An exploitable integer overflow vulnerability exists in the flattenIncrementally function in the xcf2png and xcf2pnm binaries of xcftools, version 1.0.7. An integer overflow can occur while walking through tiles that could be exploited to corrupt memory and execute arbitrary code. In order to trigger this vulnerability, a victim would need to open a specially crafted XCF file.

Read the complete vulnerability advisory here for additional information.

xcftools flattenIncrementally rows allocation code execution vulnerability (TALOS-2019-0879/CVE-2019-5087)

An exploitable integer overflow vulnerability exists in the flattenIncrementally function in the xcf2png and xcf2pnm binaries of xcfto ..
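Both advisories above describe the same bug class: dimension values read from the untrusted file are multiplied in 32-bit arithmetic, so a crafted header makes the result wrap and the buffer that is later walked or allocated is undersized. The C example below is added here and is not xcftools' code; the `img_hdr` struct, the `rows_size_*` helpers and the 1 GiB limit are constructed for illustration. It shows the unchecked computation beside a variant that rejects wrap-around before any allocation.

```c
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>

/* Hypothetical image header as parsed from an untrusted file (constructed for
 * this example; not xcftools' real structures). All three fields come straight
 * from the file and are therefore attacker-controlled. */
struct img_hdr {
    uint32_t width;
    uint32_t height;
    uint32_t bytes_per_pixel;
};

/* Unchecked size computation: the product is evaluated in 32-bit unsigned
 * arithmetic, so a large width/height pair wraps to a small value and a later
 * allocation sized with it is far too small for the data that is written. */
uint32_t rows_size_unchecked(const struct img_hdr *h)
{
    return h->width * h->height * h->bytes_per_pixel;
}

/* Checked variant: every multiplication is tested for overflow in size_t and
 * the result is bounded by an explicit limit. Returns 1 and stores the byte
 * count in *out on success; returns 0 and stores 0 if any field is zero, the
 * product overflows, or it exceeds max_bytes. */
int rows_size_checked(const struct img_hdr *h, size_t max_bytes, size_t *out)
{
    size_t tmp;
    *out = 0;
    if (h->width == 0 || h->height == 0 || h->bytes_per_pixel == 0)
        return 0;
    if (__builtin_mul_overflow((size_t)h->width, (size_t)h->height, &tmp))
        return 0;
    if (__builtin_mul_overflow(tmp, (size_t)h->bytes_per_pixel, &tmp))
        return 0;
    if (tmp > max_bytes)
        return 0;
    *out = tmp;
    return 1;
}

int main(void)
{
    /* Constructed header: 65536 x 65536 x 4 wraps to 0 in 32-bit arithmetic. */
    struct img_hdr crafted = { 0x10000u, 0x10000u, 4u };
    size_t n;
    printf("unchecked size: %u bytes\n", rows_size_unchecked(&crafted));
    printf("checked accepts: %d\n", rows_size_checked(&crafted, (size_t)1 << 30, &n));
    return 0;
}
```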
