XnView Multiple Memory Corruption Vulnerabilities

Bugtraq ID:	52057
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Feb 17 2012 12:00AM
Updated:	Feb 17 2012 12:00AM
Credit:	Luigi Auriemma
Vulnerable:	XnView XnView 1.98.5 XnView XnView 1.98.2 XnView XnView 1.98.1 XnView XnView 1.90.3 XnView XnView 1.98
Not Vulnerable:

XnView Multiple Memory Corruption Vulnerabilities

XnView is prone to multiple memory corruption vulnerabilities because it fails to properly validate user-supplied input.

Successful exploits may allow attackers to execute arbitrary code in the context of application. Failed exploit attempts will likely result in denial-of-service conditions.

XnView versions 1.98.5 and prior are vulnerable.

XnView Multiple Memory Corruption Vulnerabilities

The following proof-of-concept is available:

• /data/vulnerabilities/exploits/52057.zip

XnView Multiple Memory Corruption Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].

XnView Multiple Memory Corruption Vulnerabilities

References:

• XnView <= 1.98.5 Multiple Vulnerabilities (XnView)
  
• XnView Homepage (XnView)