CVSS3: 8.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS2: 6.8 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 0.002 Low
Percentile: 61.3%
An exploitable integer overflow vulnerability exists in the
flattenIncrementally function in the xcf2png and xcf2pnm binaries of
xcftools 1.0.7. An integer overflow can occur while calculating the row’s
allocation size, which could be exploited to corrupt memory and eventually
execute arbitrary code. To trigger this vulnerability, a victim
would need to open a specially crafted XCF file.
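The bug class described above, a row allocation size that wraps when computed from a file-supplied width, is shown here as an added example beside a checked form; it is not the xcftools source. The names `pixel_t`, `row_bytes_unchecked`, `row_bytes_checked`, `alloc_row`, the 4-byte pixel, the 32-bit size arithmetic and the `MAX_ROW_BYTES` cap are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef uint32_t pixel_t;                   /* assumed 4-byte pixel (hypothetical name) */
#define MAX_ROW_BYTES (64u * 1024u * 1024u) /* constructed policy cap per row */

/* Unchecked: byte count computed in 32-bit arithmetic, as it would be
   where size_t is 32 bits wide. The product wraps modulo 2^32. */
uint32_t row_bytes_unchecked(uint32_t width)
{
    return width * (uint32_t)sizeof(pixel_t);
}

/* Checked: rejects widths whose byte count would wrap or exceed the cap.
   Returns 0 and stores the size on success, -1 otherwise. */
int row_bytes_checked(uint32_t width, size_t *out)
{
    if (width == 0 || width > MAX_ROW_BYTES / sizeof(pixel_t))
        return -1;
    *out = (size_t)width * sizeof(pixel_t);
    return 0;
}

/* Allocate one row only after the size check has passed. */
pixel_t *alloc_row(uint32_t width)
{
    size_t n;
    if (row_bytes_checked(width, &n) != 0)
        return NULL;
    return malloc(n);
}

int main(void)
{
    uint32_t crafted = 0x40000001u;         /* constructed width from a file header */
    pixel_t *row = alloc_row(crafted);

    printf("unchecked size for width %u: %u bytes\n",
           (unsigned)crafted, (unsigned)row_bytes_unchecked(crafted));
    printf("checked allocation: %s\n", row ? "allocated" : "rejected");
    free(row);
    return 0;
}
```

With the unchecked form, the constructed width yields a 4-byte buffer for a row the caller believes is over a billion pixels wide, so later writes to that row land outside the allocation.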
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5087
launchpad.net/bugs/cve/CVE-2019-5087
nvd.nist.gov/vuln/detail/CVE-2019-5087
security-tracker.debian.org/tracker/CVE-2019-5087
talosintelligence.com/vulnerability_reports/TALOS-2019-0879
ubuntu.com/security/notices/USN-5988-1
www.talosintelligence.com/vulnerability_reports/TALOS-2019-0879