Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
XnView Multiple Image Decompression Heap Overflow Vulnerabilities (Windows)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
This host has XnView installed and is prone to multiple heap based buffer overflow vulnerabilities. Vulnerabilities Insight: - Insufficient validation when decompressing SGI32LogLum compressed TIFF images. - Insufficient validation when decompressing SGI32LogLum compressed TIFF images where the PhotometricInterpretation encoding is set to LogL. - Insufficient validation when decompressing PCT images. - An indexing error when processing the ImageDescriptor structure of GIF images.
Affected Software
Affected Software
XnView versions prior to 1.99 on windows
Solution
Solution
Update to XnView version 1.99 or later.
Common Vulnerabilities and Exposures (CVE)
References
- http://secunia.com/advisories/48666
- http://www.exploit-db.com/exploits/19336/
- http://www.exploit-db.com/exploits/19337/
- http://www.exploit-db.com/exploits/19338/
- http://newsgroup.xnview.com/viewtopic.php?f=35&t=25858
- http://www.protekresearchlab.com/index.php?option=com_content&view=art
- http://www.protekresearchlab.com/index.php?option=com_content&view=art
- http://www.protekresearchlab.com/index.php?option=com_content&view=art
- http://www.xnview.com/