XnView Multiple Buffer Overflow Vulnerabilities - Mar12 (Win) Network Vulnerability

Summary

This host has XnView installed and is prone to multiple heap based buffer overflow vulnerabilities. Vulnerabilities Insight: The flaws are due to - A signedness error in the FlashPix plugin (Xfpx.dll) when validating buffer sizes to process image's content. - An error when processing image data within Personal Computer eXchange (PCX) files. - A boundary error when parsing a directory, which allows attackers to cause a buffer overflow when browsing folder from an extracted archive file.

Impact

Successful exploitation will allow attackers to execute arbitrary code on the system via a specially crafted files or cause a denial of service condition. Impact Level: System/Application

Solution

Update to XnView version 1.98.8 or later, For updates refer to http://www.xnview.com/

Affected

XnView versions 1.98.5 and prior on windows

References

http://forums.cnet.com/7726-6132_102-5285780.html
http://secunia.com/advisories/47388/
http://www.exploit-db.com/exploits/18491/
http://www.securityfocus.com/bid/52405/info

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Amarok Player Multiple Vulnerabilities
A-V Tronics InetServ POP3 Denial Of Service Vulnerability
Citrix Provisioning Services SoapServer Buffer Overflow Vulnerability
Attachmate Reflection FTP Client LIST Command Remote Heap Buffer Overflow Vulnerability
Apple QuickTime Multiple Vulnerabilities - Sep09

Take action and discover your vulnerabilities