XnView PSD Image Multiple Integer Overflow Vulnerabilities

Bugtraq ID:	51546
Class:	Input Validation Error
CVE:	CVE-2012-0684 CVE-2012-0685
Remote:	Yes
Local:	No
Published:	Jan 17 2012 12:00AM
Updated:	Jan 17 2012 12:00AM
Credit:	Justin Kim and Jeong Wook Oh of Microsoft Malware Protection Center (MMPC)
Vulnerable:	XnView XnView 1.98.2 XnView XnView 1.98.1 XnView XnView 1.98
Not Vulnerable:	XnView XnView 1.98.5

XnView PSD Image Multiple Integer Overflow Vulnerabilities

XnView is prone to multiple integer-overflow vulnerabilities because it fails to properly validate user-supplied input.

Successful exploits may allow attackers to execute arbitrary code in the context of applications that use the affected library. Failed exploit attempts will likely result in denial-of-service conditions.

XnView 1.98.2 and prior versions are vulnerable.

XnView PSD Image Multiple Integer Overflow Vulnerabilities

Currently we are not aware of any exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

XnView PSD Image Multiple Integer Overflow Vulnerabilities

Solution:
Updates are available. Please see the references for more information.

XnView PSD Image Multiple Integer Overflow Vulnerabilities

References:

• Microsoft Vulnerability Research Advisory MSVR12-001 Vulnerabilities in XnViewer (Microsoft)
  
• XnView Homepage (XnView)