XnView PSD Record Type Parsing Integer Overflow Vulnerabilities (Windows) Network Vulnerability

Summary

This host has XnView installed and is prone to multiple integer overflow vulnerabilities. Vulnerabilities Insight: The flaws are due to integer overflow errors within the parsing of PSD record types and can be exploited to cause buffer overflows via a specially crafted PSD image.

Impact

Successful exploitation will allow attackers to execute arbitrary code on the system or cause a denial of service condition. Impact Level: System/Application

Solution

Update to XnView version 1.98.5 or later, For updates refer to http://www.xnview.com/

Affected

XnView versions 1.98.2 and prior on windows

References

http://osvdb.org/show/osvdb/78357
http://secunia.com/advisories/47600/
http://technet.microsoft.com/en-us/security/msvr/msvr12-001

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-0684, CVE-2012-0685
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Reader 'XFDF' File Buffer Overflow Vulnerability (Windows)
Attachmate Reflection FTP Client LIST Command Remote Heap Buffer Overflow Vulnerability
ActiveFax RAW Server Multiple Buffer Overflow Vulnerabilities
Adobe Reader 'XFDF' File Buffer Overflow Vulnerability (Mac OS X)
Alleycode HTML Editor Buffer Overflow Vulnerabilities

Take action and discover your vulnerabilities