Security
Headlines
HeadlinesLatestCVEs

Headline

Ubuntu Security Notice USN-5988-1

Ubuntu Security Notice 5988-1 - It was discovered that integer overflows vulnerabilities existed in Xcftools. An attacker could use this to cause a denial of service or possibly execute arbitrary code.

Packet Storm
#vulnerability#ubuntu#dos

==========================================================================
Ubuntu Security Notice USN-5988-1
March 29, 2023

xcftools vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 ESM

Summary:

Xcftools could be made to crash or run programs as an administrator
if it opened a specially crafted file.

Software Description:

  • xcftools: command-line tools for extracting data for XCF files

Details:

It was discovered that integer overflows vulnerabilities existed in Xcftools.
An attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2019-5086, CVE-2019-5087)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
xcftools 1.0.7-6ubuntu0.20.04.1

Ubuntu 18.04 LTS:
xcftools 1.0.7-6ubuntu0.1

Ubuntu 16.04 ESM:
xcftools 1.0.7-5ubuntu0.1~esm1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5988-1
CVE-2019-5086, CVE-2019-5087

Package Information:
https://launchpad.net/ubuntu/+source/xcftools/1.0.7-6ubuntu0.20.04.1
https://launchpad.net/ubuntu/+source/xcftools/1.0.7-6ubuntu0.1

Related news

CVE-2019-5086: TALOS-2019-0878 || Cisco Talos Intelligence Group

An exploitable integer overflow vulnerability exists in the flattenIncrementally function in the xcf2png and xcf2pnm binaries of xcftools, version 1.0.7. An integer overflow can occur while walking through tiles that could be exploited to corrupt memory and execute arbitrary code. In order to trigger this vulnerability, a victim would need to open a specially crafted XCF file.

CVE-2019-5087: TALOS-2019-0879 || Cisco Talos Intelligence Group

An exploitable integer overflow vulnerability exists in the flattenIncrementally function in the xcf2png and xcf2pnm binaries of xcftools 1.0.7. An integer overflow can occur while calculating the row's allocation size, that could be exploited to corrupt memory and eventually execute arbitrary code. In order to trigger this vulnerability, a victim would need to open a specially crafted XCF file.

Packet Storm: Latest News

Acronis Cyber Protect/Backup Remote Code Execution