BID:23625

XnView XPMHeaders Buffer Overflow Vulnerability

Info

XnView XPMHeaders Buffer Overflow Vulnerability

Bugtraq ID:	23625
Class:	Boundary Condition Error
CVE:	CVE-2007-2194
Remote:	Yes
Local:	No
Published:	Apr 24 2007 12:00AM
Updated:	Jul 12 2007 03:37AM
Credit:	Marsu is credited with the discovery of this vulnerability.
Vulnerable:	XnView XnView 1.90.3 Gentoo Linux

Not Vulnerable:

Discussion

XnView XPMHeaders Buffer Overflow Vulnerability

XnView is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will result in a denial of service.

This issue affects XnView 1.90.3; other versions may also be vulnerable.

Exploit / POC

XnView XPMHeaders Buffer Overflow Vulnerability

The following exploit is available:

/data/vulnerabilities/exploits/XnView-23625.c

Solution / Fix

XnView XPMHeaders Buffer Overflow Vulnerability

Solution:
Gentoo Linux security advisory GLSA 200707-06 and fixes are available; please contact the vendor for information on obtaining and installing these fixes.

References

XnView XPMHeaders Buffer Overflow Vulnerability

References:

XnView Homepage (XnView)
[ GLSA 200707-06 ] XnView: Stack-based buffer overflow (Stefan Cornelius )