Xnview: Security Vulnerabilities
Buffer overflow in XnView before 2.04 allows remote attackers to execute arbitrary code via a crafted PCT file.
CVSS Score
9.3
EPSS Score
0.318
Published
2013-08-09
Multiple heap-based buffer overflows in XnView before 1.99 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a (1) SGI32LogLum compressed TIFF image or (2) SGI32LogLum compressed TIFF image with the PhotometricInterpretation encoding set to LogL.
CVSS Score
6.8
EPSS Score
0.149
Published
2012-07-17
Heap-based buffer overflow in XnView before 1.99 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PCT image.
CVSS Score
6.8
EPSS Score
0.046
Published
2012-07-17
Heap-based buffer overflow in XnView before 1.99 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ImageLeftPosition value in an ImageDescriptor structure in a GIF image.
CVSS Score
6.8
EPSS Score
0.113
Published
2012-07-17
Integer overflow in XnViewer (aka XnView) before 1.98.5 allows remote attackers to execute arbitrary code via a crafted file containing PSD record types, a different vulnerability than CVE-2012-0685.
CVSS Score
9.3
EPSS Score
0.029
Published
2012-05-09
Integer overflow in XnViewer (aka XnView) before 1.98.5 allows remote attackers to execute arbitrary code via a crafted file containing PSD record types, a different vulnerability than CVE-2012-0684.
CVSS Score
9.3
EPSS Score
0.029
Published
2012-05-09
Heap-based buffer overflow in Xjp2.dll in the JPEG2000 plug-in in XnView 1.98.5 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment.
CVSS Score
6.8
EPSS Score
0.031
Published
2012-02-13
Untrusted search path vulnerability in XnView before 1.98.1 allows local users to gain privileges via a Trojan horse .exe file in a folder selected by the "Open containing folder" menu item.
CVSS Score
6.9
EPSS Score
0.001
Published
2011-07-11
Heap-based buffer overflow in XnView 1.97.4 and possibly earlier allows remote attackers to execute arbitrary code via a MultiBitMap (MBM) file with a Paint Data Section that contains a malformed Encoding field.
CVSS Score
9.3
EPSS Score
0.104
Published
2010-06-16
Integer overflow in XnView before 1.97.2 might allow remote attackers to execute arbitrary code via a DICOM image with crafted dimensions, leading to a heap-based buffer overflow.
CVSS Score
9.3
EPSS Score
0.121
Published
2010-03-15