Source: xcftools
Version: 1.0.7-6
Severity: important
Tags: security upstream

Hi,

The following vulnerabilities were published for xcftools.

CVE-2019-5086[0]:
| An exploitable integer overflow vulnerability exists in the
| flattenIncrementally function in the xcf2png and xcf2pnm binaries of
| xcftools, version 1.0.7. An integer overflow can occur while walking
| through tiles that could be exploited to corrupt memory and execute
| arbitrary code. In order to trigger this vulnerability, a victim would
| need to open a specially crafted XCF file.

CVE-2019-5087[1]:
| An exploitable integer overflow vulnerability exists in the
| flattenIncrementally function in the xcf2png and xcf2pnm binaries of
| xcftools 1.0.7. An integer overflow can occur while calculating the
| row's allocation size, that could be exploited to corrupt memory and
| eventually execute arbitrary code. In order to trigger this
| vulnerability, a victim would need to open a specially crafted XCF
| file.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-5086
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5086
[1] https://security-tracker.debian.org/tracker/CVE-2019-5087
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5087

Please adjust the affected versions in the BTS as needed.

Is xcftools still maintained (upstream)?

Regards,
Salvatore
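As an added illustration of the bug class both CVEs describe, and not xcftools' own code: a row allocation size derived from untrusted header fields, first as the unchecked 32-bit product that wraps, then with the overflow rejection a fix would add before any buffer is allocated. The struct layout, field names and 32-bit widths are assumptions for this example.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdlib.h>

/* Image geometry as a decoder would read it from an untrusted header.
   Field names and 32-bit widths are assumptions for this example. */
struct xcf_geometry {
    uint32_t width;
    uint32_t height;
    uint32_t bytes_per_pixel;
};

/* Unchecked: width * bytes_per_pixel is done in 32-bit arithmetic and
   wraps silently, so a crafted header yields a tiny allocation that the
   later per-pixel writes overrun. */
uint32_t row_bytes_unchecked(const struct xcf_geometry *g)
{
    return g->width * g->bytes_per_pixel;
}

/* Checked: reject the header instead of allocating when the product
   would not fit in 32 bits. The division form is portable C99. */
bool row_bytes_checked(const struct xcf_geometry *g, uint32_t *out)
{
    if (g->bytes_per_pixel == 0 || g->width == 0)
        return false;
    if (g->width > UINT32_MAX / g->bytes_per_pixel)
        return false;
    *out = g->width * g->bytes_per_pixel;
    return true;
}

/* Whole-image buffer: row_bytes * height, again rejected on overflow. */
bool image_bytes_checked(const struct xcf_geometry *g, uint32_t *out)
{
    uint32_t row;
    if (!row_bytes_checked(g, &row))
        return false;
    if (g->height == 0 || row > UINT32_MAX / g->height)
        return false;
    *out = row * g->height;
    return true;
}

/* Allocate the flattened image only if every size computation was sound. */
unsigned char *alloc_image(const struct xcf_geometry *g)
{
    uint32_t total;
    if (!image_bytes_checked(g, &total))
        return NULL;
    return calloc(total, 1);
}
```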