CVE-2019-5087

8.8 HIGH

📋 TL;DR

An integer overflow vulnerability in xcftools allows memory corruption when processing specially crafted XCF files. This could lead to arbitrary code execution with the privileges of the user running xcf2png or xcf2pnm. Users of xcftools 1.0.7 who process untrusted XCF files are affected.

💻 Affected Systems

Products:
  • xcftools
Versions: 1.0.7
Operating Systems: Linux, Unix-like systems
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects xcf2png and xcf2pnm binaries when processing XCF files.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise if exploited against a privileged user or service.

🟠 Likely Case: Local privilege escalation or denial of service when processing malicious XCF files.

🟢 If Mitigated: Limited impact if proper file validation and privilege separation are implemented.

🌐 Internet-Facing: LOW - Requires user interaction to open malicious files, not directly network exploitable.
🏢 Internal Only: MEDIUM - Could be exploited via phishing or malicious uploads to internal systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open a malicious XCF file. A proof of concept is available in the Talos advisory.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.0.8 or later

Vendor Advisory: https://lists.debian.org/debian-lts-announce/2021/02/msg00014.html

Restart Required: No

Instructions:

1. Update xcftools to version 1.0.8 or later using your package manager.
2. For Debian/Ubuntu: sudo apt update && sudo apt upgrade xcftools
3. For source installations: download the latest version from the official repository and recompile.

🔧 Temporary Workarounds

Remove vulnerable binaries (linux)

Remove or restrict access to the xcf2png and xcf2pnm binaries:

sudo rm /usr/bin/xcf2png
sudo rm /usr/bin/xcf2pnm

Restrict file processing (all platforms)

Implement file validation to reject untrusted XCF files.

🧯 If You Can't Patch

  • Implement strict file upload validation to reject XCF files from untrusted sources
  • Run xcftools in sandboxed environment with minimal privileges

🔍 How to Verify

Check if Vulnerable:

Check xcftools version: xcftools --version | grep '1.0.7'

Check Version:

xcftools --version

Verify Fix Applied:

Verify version is 1.0.8 or later: xcftools --version

📡 Detection & Monitoring

Log Indicators:

  • Process crashes of xcf2png or xcf2pnm
  • Unusual memory allocation patterns

Network Indicators:

  • None - local file processing vulnerability

SIEM Query:

process_name IN ('xcf2png', 'xcf2pnm') AND exit_code != 0
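The rule above and the "process crashes" log indicator, evaluated over a few constructed process-exit records. This is an added example, not code from the advisory or from xcftools; the record field names (host, process_name, exit_code, signal) are an assumption about what an auditd/EDR-style collector would emit.

```python
# Added example: applies the advisory's SIEM rule to constructed process-exit
# records and separates crash-class hits (signal termination) from ordinary
# non-zero exits. Field names are assumed, not taken from any real collector.
import json

WATCHED = {"xcf2png", "xcf2pnm"}

# Constructed sample records: one clean run, one non-zero exit, one crash,
# and one unrelated process that must not match.
SAMPLE_LOG = """\
{"host": "build01", "process_name": "xcf2png", "exit_code": 0, "signal": null}
{"host": "build01", "process_name": "xcf2pnm", "exit_code": 1, "signal": null}
{"host": "web02", "process_name": "xcf2png", "exit_code": 139, "signal": "SIGSEGV"}
{"host": "web02", "process_name": "convert", "exit_code": 1, "signal": null}
"""


def matches_rule(rec):
    """The advisory's rule: process_name IN ('xcf2png','xcf2pnm') AND exit_code != 0."""
    return rec.get("process_name") in WATCHED and rec.get("exit_code", 0) != 0


def is_crash(rec):
    """Narrower 'process crash' indicator: terminated by a signal, or an exit
    code above 128 (the shell's 128+N convention for signal deaths). Memory
    corruption usually surfaces as SIGSEGV/SIGABRT rather than a clean exit 1."""
    return rec.get("signal") is not None or rec.get("exit_code", 0) > 128


def triage(log_text):
    """Return (rule_hits, crash_hits) as lists of (host, process_name, exit_code).
    crash_hits is the subset of rule_hits worth escalating first."""
    rule_hits, crash_hits = [], []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if matches_rule(rec):
            key = (rec["host"], rec["process_name"], rec["exit_code"])
            rule_hits.append(key)
            if is_crash(rec):
                crash_hits.append(key)
    return rule_hits, crash_hits


if __name__ == "__main__":
    hits, crashes = triage(SAMPLE_LOG)
    print("rule hits:", hits)
    print("crash-class hits (escalate first):", crashes)
```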
