XnView DICOM Parsing Integer Overflow Vulnerability (Linux) Network Vulnerability

Summary

This host has XnView installed and is prone to integer overflow vulnerability. Vulnerabilities Insight: The flaw is due to integer overflow when processing DICOM images with certain dimensions. This can be exploited to cause a heap-based buffer overflow by persuading a victim to open a specially-crafted DICOM image file.

Impact

Attackers can exploit this issue to cause buffer overflow and execute arbitrary code on the system with elevated privileges or cause the application to crash. Impact Level: System/Application

Solution

Update to XnView version 1.97.2 For updates refer to http://www.xnview.com/

Affected

XnView versions prior to 1.97.2 on linux

References

http://www.osvdb.org/62829
http://www.securityfocus.com/archive/1/archive/1/509999/100/0/threaded
http://xforce.iss.net/xforce/xfdb/56802

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-4001
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

ActiveFax RAW Server Multiple Buffer Overflow Vulnerabilities
Apple iTunes '.pls' Files Buffer Overflow Vulnerability
Cscope Multiple Buffer Overflow vulnerability
Adobe Photoshop PNG Image Processing Buffer Overflow Vulnerabilities (Mac OS X)
Adobe Reader 'XFDF' File Buffer Overflow Vulnerability (Linux)

Take action and discover your vulnerabilities