Multiple XnView Products TAAC File Buffer Overflow Vulnerability
BID:29851
Info
Multiple XnView Products TAAC File Buffer Overflow Vulnerability
| Bugtraq ID: | 29851 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2008-2427 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 20 2008 12:00AM |
| Updated: | Jul 29 2008 07:47PM |
| Credit: | Stefan Cornelius, Secunia Research |
| Vulnerable: |
XnView XnView Standard 1.93.6 XnView XnView Standard 1.70 XnView NConvert 4.92 XnView GFL SDK 2.82 |
| Not Vulnerable: |
XnView XnView Standard 1.94 beta 1 |
Discussion
Multiple XnView Products TAAC File Buffer Overflow Vulnerability
The XnView, NConvert, and GFL SDK products are all vulnerable to a buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied input in malicious image files.
Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected applications, facilitating the remote compromise of affected computers. Failed exploit attempts likely result in crashes.
The following packages are affected by this issue:
- XnView 1.70 for Linux and FreeBSD
- XnView 1.93.6 for Windows
- GFL SDK 2.82
- NConvert 4.92
Other versions may also be affected.
The XnView, NConvert, and GFL SDK products are all vulnerable to a buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied input in malicious image files.
Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected applications, facilitating the remote compromise of affected computers. Failed exploit attempts likely result in crashes.
The following packages are affected by this issue:
- XnView 1.70 for Linux and FreeBSD
- XnView 1.93.6 for Windows
- GFL SDK 2.82
- NConvert 4.92
Other versions may also be affected.
Exploit / POC
Multiple XnView Products TAAC File Buffer Overflow Vulnerability
Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
The following exploit code is available:
Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
The following exploit code is available:
Solution / Fix
Multiple XnView Products TAAC File Buffer Overflow Vulnerability
Solution:
An update is available for XnView for Windows. Users of affected packages should contact the vendor for information on obtaining and applying fixes.
Solution:
An update is available for XnView for Windows. Users of affected packages should contact the vendor for information on obtaining and applying fixes.
References
Multiple XnView Products TAAC File Buffer Overflow Vulnerability
References:
References:
- GFL SDK Homepage (XnView)
- NConvert Homepage (XnView)
- XnView Homepage (XnView)
- Secunia Research: XnView, NConvert, and GFL SDK Sun TAAC Buffer Overflow (Secunia Research
) - Secunia Research: XnView, NConvert, and GFL SDK Sun TAAC Buffer Overflow (Secunia)