CVE Number: CVE-2019-5086

Summary:
An integer overflow vulnerability exists in the function in the xcf2png and xcf2pnm binaries of xcftools, version 1.0.7. It can be exploited to corrupt memory and execute arbitrary code, and is triggered by opening a specially crafted XCF file.

CVSSv3 Score: 7.5 - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-680 - Integer Overflow to Buffer Overflow

Details:
The vulnerability lies in the calculation of tile dimensions using the function. The issue arises from improper handling of integer overflows when calculating the "right" and "bottom" positions of tiles. When the horizontal and vertical limits overflow, the code erroneously assigns negative values, leading to unexpected behavior in the subsequent loops that rely on them.

Crash Information:
AddressSanitizer reports a heap-buffer-overflow caused by the integer overflow in the function. The result is memory corruption and potential arbitrary code execution.

Timeline:
2019-07-31: Initial contact
2019-08-07: Plain text file sent
2019-10-02: 60+ day follow up
2019-10-21: 90 day notice
2019-11-21: Public release

Credit: Discovered by Claudio Bozzato of Cisco Talos.
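The edge calculation described under Details, as an added example that is not xcftools' own code: a hypothetical origin + size computation that wraps to a negative "right"/"bottom" value when the file supplies hostile tile coordinates, next to a checked version that rejects the overflow and out-of-canvas tiles. The function names, the canvas limits and the header values are constructed for illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical edge computation (not xcftools' code). The file supplies a tile
 * origin and size; the edge is origin + size. The sum is done in unsigned
 * arithmetic and converted back so the wrap-around is deterministic; this is
 * what a plain signed int addition does in practice on two's-complement
 * targets (signed overflow itself is undefined behaviour in C). */
int tile_edge_unchecked(int origin, int size)
{
    return (int)((unsigned)origin + (unsigned)size);
}

/* Hardened version: reject negative or zero inputs, detect the overflow with
 * the compiler builtin (GCC >= 5 / Clang), then require the edge to lie inside
 * the canvas. Stores the edge and returns true only on success. */
bool tile_edge_checked(int origin, int size, int canvas_limit, int *edge)
{
    int sum;
    if (origin < 0 || size <= 0 || canvas_limit <= 0)
        return false;
    if (__builtin_add_overflow(origin, size, &sum))
        return false;           /* "right"/"bottom" would wrap negative */
    if (sum > canvas_limit)
        return false;           /* tile sticks out past the image */
    *edge = sum;
    return true;
}

/* Both edges of one tile validated against the canvas dimensions. */
bool tile_is_valid(int left, int top, int width, int height,
                   int canvas_w, int canvas_h)
{
    int right, bottom;
    return tile_edge_checked(left, width, canvas_w, &right) &&
           tile_edge_checked(top, height, canvas_h, &bottom);
}

int main(void)
{
    int left = INT_MAX - 10, width = 64;  /* constructed hostile header values */
    printf("unchecked right edge: %d\n", tile_edge_unchecked(left, width));
    printf("checked tile accepted: %s\n",
           tile_is_valid(left, 0, width, 64, 4096, 4096) ? "yes" : "no");
    return 0;
}
```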