Claudio Bozzato of Cisco Talos discovered these vulnerabilities.

Xcftools contains two remote code execution vulnerabilities in its flattenIncrementally function. Xcftools is a set of tools for handling Gimp’s XCF files. The software provides tools to extract

information from an XCF file, and then converting XCF files into a PNG or PNM file. An attacker could exploit these bugs by tricking a user into opening a specially crafted XCF file.

Cisco Talos is disclosing these vulnerabilities after xcftools failed to patch them per Cisco’s 90-day deadline. Read more about the Cisco vulnerability disclosure policy here.

Vulnerability details xcftools flattenIncrementally tiles walk code execution vulnerability (TALOS-2019-0878/CVE-2019-5086)

An exploitable integer overflow vulnerability exists in the flattenIncrementally function in the xcf2png and xcf2pnm binaries of xcftools, version 1.0.7. An integer overflow can occur while walking through tiles that could be exploited to corrupt memory and execute arbitrary code. In order to trigger this vulnerability, a victim would need to open a specially crafted XCF file.

Read the complete vulnerability advisory here for additional information.

xcftools flattenIncrementally rows allocation code execution vulnerability (TALOS-2019-0879/CVE-2019-5087)

An exploitable integer overflow vulnerability exists in the flattenIncrementally function in the xcf2png and xcf2pnm binaries of xcftools 1.0.7. An integer overflow can occur while calculating the row's allocation size, that could be exploited to corrupt memory and eventually execute arbitrary code. In order to trigger this vulnerability, a victim would need to open a specially crafted XCF file.

Read the complete vulnerability advisory here for additional information.

Versions tested Talos tested and confirmed that xcftools version 1.0.7 is affected by these vulnerabilities.

Coverage The following SNORTⓇ rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.

Snort Rules: 43857 - 43860, 50842 - 50845