MidnightBSD

Advisories for xnview

CVE-2009-4001 HIGH

Integer overflow in XnView before 1.97.2 might allow remote attackers to execute arbitrary code via a DICOM image with crafted dimensions, leading to a heap-based buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
xnview xnview 1.93.4
xnview xnview 1.94.2
xnview xnview 1.45
xnview xnview 1.70.3
xnview xnview 1.37
xnview xnview 1.19
xnview xnview 1.02
xnview xnview 1.16
xnview xnview 1.91.1
xnview xnview 1.95.3
xnview xnview 1.50
xnview xnview 1.66
xnview xnview 1.93.2
xnview xnview 1.13
xnview xnview 1.36
xnview xnview 1.95.4
xnview xnview 1.25
xnview xnview 1.60
xnview xnview 1.91.3
xnview xnview 1.96.5
xnview xnview 1.33
xnview xnview 1.32
xnview xnview 1.07
xnview xnview *
xnview xnview 1.80.1
xnview xnview 1.95.2
xnview xnview 1.80.2
xnview xnview 1.82
xnview xnview 1.96.1
xnview xnview 1.82.4
xnview xnview 1.11
xnview xnview 1.74
xnview xnview 1.21
xnview xnview 1.09
xnview xnview 1.55
xnview xnview 1.23
xnview xnview 1.92
xnview xnview 1.04
xnview xnview 1.92.1
xnview xnview 1.65
xnview xnview 1.93.6
xnview xnview 1.97
xnview xnview 1.12
xnview xnview 1.01
xnview xnview 1.22
xnview xnview 1.18
xnview xnview 1.82.3
xnview xnview 1.91.2
xnview xnview 1.18.1
xnview xnview 1.70
xnview xnview 1.91.4
xnview xnview 1.91
xnview xnview 1.40
xnview xnview 1.0
xnview xnview 1.90.3
xnview xnview 1.96.2
xnview xnview 1.70.4
xnview xnview 1.91.6
xnview xnview 1.34
xnview xnview 1.95.1
xnview xnview 1.95
xnview xnview 1.93.3
xnview xnview 1.68.1
xnview xnview 1.94
xnview xnview 1.17
xnview xnview 1.10
xnview xnview 1.03
xnview xnview 1.20
xnview xnview 1.93
xnview xnview 1.93.1
xnview xnview 1.14
xnview xnview 1.70.2
xnview xnview 1.82.2
xnview xnview 1.61
xnview xnview 1.91.5
xnview xnview 1.30
xnview xnview 1.90
xnview xnview 1.35
xnview xnview 1.90.1
xnview xnview 1.50.1
xnview xnview 1.06
xnview xnview 1.05
xnview xnview 1.08
xnview xnview 1.80.3
xnview xnview 1.67
xnview xnview 1.96
xnview xnview 1.15
xnview xnview 1.80
xnview xnview 1.31
xnview xnview 1.24
xnview xnview 1.41
xnview xnview 1.46
xnview xnview 1.68
xnview xnview 1.94.1
CVE-2010-1932 HIGH

Heap-based buffer overflow in XnView 1.97.4 and possibly earlier allows remote attackers to execute arbitrary code via a MultiBitMap (MBM) file with a Paint Data Section that contains a malformed Encoding field.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 1.97.4
CVE-2011-1338 MEDIUM

Untrusted search path vulnerability in XnView before 1.98.1 allows local users to gain privileges via a Trojan horse .exe file in a folder selected by the "Open containing folder" menu item.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xnview xnview 1.74
xnview xnview *
xnview xnview 1.80.3
xnview xnview 1.80.1
xnview xnview 1.80
xnview xnview 1.80.2
xnview xnview 1.82
CVE-2012-0276 MEDIUM

Multiple heap-based buffer overflows in XnView before 1.99 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a (1) SGI32LogLum compressed TIFF image or (2) SGI32LogLum compressed TIFF image with the PhotometricInterpretation encoding set to LogL.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview *
CVE-2012-0277 MEDIUM

Heap-based buffer overflow in XnView before 1.99 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PCT image.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview *
CVE-2012-0282 MEDIUM

Heap-based buffer overflow in XnView before 1.99 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ImageLeftPosition value in an ImageDescriptor structure in a GIF image.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview *
CVE-2012-0684 HIGH

Integer overflow in XnViewer (aka XnView) before 1.98.5 allows remote attackers to execute arbitrary code via a crafted file containing PSD record types, a different vulnerability than CVE-2012-0685.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
xnview xnview 1.93.4
xnview xnview 1.94.2
xnview xnview 1.45
xnview xnview 1.19
xnview xnview 1.02
xnview xnview 1.95.3
xnview xnview 1.50
xnview xnview 1.66
xnview xnview 1.13
xnview xnview 1.95.4
xnview xnview 1.25
xnview xnview 1.60
xnview xnview 1.91.3
xnview xnview 1.96.5
xnview xnview 1.95.2
xnview xnview 1.80.2
xnview xnview 1.82.4
xnview xnview 1.11
xnview xnview 1.74
xnview xnview 1.21
xnview xnview 1.09
xnview xnview 1.55
xnview xnview 1.92.1
xnview xnview 1.65
xnview xnview 1.12
xnview xnview 1.22
xnview xnview 1.82.3
xnview xnview 1.91.2
xnview xnview 1.18.1
xnview xnview 1.70
xnview xnview 1.91.4
xnview xnview 1.40
xnview xnview 1.0
xnview xnview 1.97.4
xnview xnview 1.70.4
xnview xnview 1.34
xnview xnview 1.95
xnview xnview 1.93.3
xnview xnview 1.68.1
xnview xnview 1.94
xnview xnview 1.17
xnview xnview 1.03
xnview xnview 1.93
xnview xnview 1.93.1
xnview xnview 1.70.2
xnview xnview 1.82.2
xnview xnview 1.61
xnview xnview 1.90
xnview xnview 1.35
xnview xnview 1.50.1
xnview xnview 1.06
xnview xnview 1.05
xnview xnview 1.96
xnview xnview 1.15
xnview xnview 1.24
xnview xnview 1.46
xnview xnview 1.94.1
xnview xnview 1.97.1
xnview xnview 1.70.3
xnview xnview 1.37
xnview xnview 1.97.2
xnview xnview 1.16
xnview xnview 1.91.1
xnview xnview 1.93.2
xnview xnview 1.36
xnview xnview 1.33
xnview xnview 1.32
xnview xnview 1.07
xnview xnview *
xnview xnview 1.80.1
xnview xnview 1.82
xnview xnview 1.96.1
xnview xnview 1.23
xnview xnview 1.92
xnview xnview 1.04
xnview xnview 1.93.6
xnview xnview 1.97
xnview xnview 1.01
xnview xnview 1.18
xnview xnview 1.91
xnview xnview 1.90.3
xnview xnview 1.96.2
xnview xnview 1.91.6
xnview xnview 1.95.1
xnview xnview 1.10
xnview xnview 1.20
xnview xnview 1.14
xnview xnview 1.91.5
xnview xnview 1.30
xnview xnview 1.90.1
xnview xnview 1.08
xnview xnview 1.80.3
xnview xnview 1.67
xnview xnview 1.80
xnview xnview 1.31
xnview xnview 1.41
xnview xnview 1.68
CVE-2012-0685 HIGH

Integer overflow in XnViewer (aka XnView) before 1.98.5 allows remote attackers to execute arbitrary code via a crafted file containing PSD record types, a different vulnerability than CVE-2012-0684.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
xnview xnview 1.93.4
xnview xnview 1.94.2
xnview xnview 1.45
xnview xnview 1.19
xnview xnview 1.02
xnview xnview 1.95.3
xnview xnview 1.50
xnview xnview 1.66
xnview xnview 1.13
xnview xnview 1.95.4
xnview xnview 1.25
xnview xnview 1.60
xnview xnview 1.91.3
xnview xnview 1.96.5
xnview xnview 1.95.2
xnview xnview 1.80.2
xnview xnview 1.82.4
xnview xnview 1.11
xnview xnview 1.74
xnview xnview 1.21
xnview xnview 1.09
xnview xnview 1.55
xnview xnview 1.92.1
xnview xnview 1.65
xnview xnview 1.12
xnview xnview 1.22
xnview xnview 1.82.3
xnview xnview 1.91.2
xnview xnview 1.18.1
xnview xnview 1.70
xnview xnview 1.91.4
xnview xnview 1.40
xnview xnview 1.0
xnview xnview 1.97.4
xnview xnview 1.70.4
xnview xnview 1.34
xnview xnview 1.95
xnview xnview 1.93.3
xnview xnview 1.68.1
xnview xnview 1.94
xnview xnview 1.17
xnview xnview 1.03
xnview xnview 1.93
xnview xnview 1.93.1
xnview xnview 1.70.2
xnview xnview 1.82.2
xnview xnview 1.61
xnview xnview 1.90
xnview xnview 1.35
xnview xnview 1.50.1
xnview xnview 1.06
xnview xnview 1.05
xnview xnview 1.96
xnview xnview 1.15
xnview xnview 1.24
xnview xnview 1.46
xnview xnview 1.94.1
xnview xnview 1.97.1
xnview xnview 1.70.3
xnview xnview 1.37
xnview xnview 1.97.2
xnview xnview 1.16
xnview xnview 1.91.1
xnview xnview 1.93.2
xnview xnview 1.36
xnview xnview 1.33
xnview xnview 1.32
xnview xnview 1.07
xnview xnview *
xnview xnview 1.80.1
xnview xnview 1.82
xnview xnview 1.96.1
xnview xnview 1.23
xnview xnview 1.92
xnview xnview 1.04
xnview xnview 1.93.6
xnview xnview 1.97
xnview xnview 1.01
xnview xnview 1.18
xnview xnview 1.91
xnview xnview 1.90.3
xnview xnview 1.96.2
xnview xnview 1.91.6
xnview xnview 1.95.1
xnview xnview 1.10
xnview xnview 1.20
xnview xnview 1.14
xnview xnview 1.91.5
xnview xnview 1.30
xnview xnview 1.90.1
xnview xnview 1.08
xnview xnview 1.80.3
xnview xnview 1.67
xnview xnview 1.80
xnview xnview 1.31
xnview xnview 1.41
xnview xnview 1.68
CVE-2012-1051 MEDIUM

Heap-based buffer overflow in Xjp2.dll in the JPEG2000 plug-in in XnView 1.98.5 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 1.98.5
CVE-2013-2577 HIGH

Buffer overflow in XnView before 2.04 allows remote attackers to execute arbitrary code via a crafted PCT file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 1.93.4
xnview xnview 1.98
xnview xnview 1.94.2
xnview xnview 1.45
xnview xnview 1.19
xnview xnview 1.02
xnview xnview 1.95.3
xnview xnview 1.50
xnview xnview 1.66
xnview xnview 1.98.8
xnview xnview 1.13
xnview xnview 1.95.4
xnview xnview 1.25
xnview xnview 1.60
xnview xnview 1.91.3
xnview xnview 1.96.5
xnview xnview 1.98.4
xnview xnview 1.95.2
xnview xnview 1.80.2
xnview xnview 1.82.4
xnview xnview 1.11
xnview xnview 1.74
xnview xnview 1.21
xnview xnview 1.09
xnview xnview 1.55
xnview xnview 1.92.1
xnview xnview 1.65
xnview xnview 1.12
xnview xnview 1.22
xnview xnview 1.82.3
xnview xnview 1.91.2
xnview xnview 1.18.1
xnview xnview 1.70
xnview xnview 1.91.4
xnview xnview 1.98.6
xnview xnview 1.40
xnview xnview 1.0
xnview xnview 1.97.4
xnview xnview 1.70.4
xnview xnview 1.34
xnview xnview 1.95
xnview xnview 1.93.3
xnview xnview 1.68.1
xnview xnview 1.94
xnview xnview 1.17
xnview xnview 1.03
xnview xnview 1.93
xnview xnview 1.93.1
xnview xnview 1.98.3
xnview xnview 1.70.2
xnview xnview 1.82.2
xnview xnview 1.61
xnview xnview 1.90
xnview xnview 1.35
xnview xnview 1.50.1
xnview xnview 1.06
xnview xnview 1.05
xnview xnview 1.96
xnview xnview 1.15
xnview xnview 1.24
xnview xnview 1.97.3
xnview xnview 1.46
xnview xnview 1.94.1
xnview xnview 1.97.1
xnview xnview 1.70.3
xnview xnview 1.37
xnview xnview 1.97.2
xnview xnview 1.16
xnview xnview 1.91.1
xnview xnview 1.99
xnview xnview 1.93.2
xnview xnview 1.36
xnview xnview 1.33
xnview xnview 1.98.1
xnview xnview 1.32
xnview xnview 1.07
xnview xnview 1.97.5
xnview xnview *
xnview xnview 1.80.1
xnview xnview 1.82
xnview xnview 1.96.1
xnview xnview 1.99.1
xnview xnview 1.23
xnview xnview 1.98.7
xnview xnview 1.92
xnview xnview 1.97.6
xnview xnview 1.04
xnview xnview 1.97.8
xnview xnview 1.93.6
xnview xnview 1.97
xnview xnview 1.01
xnview xnview 1.18
xnview xnview 1.91
xnview xnview 1.97.7
xnview xnview 1.90.3
xnview xnview 1.96.2
xnview xnview 1.91.6
xnview xnview 1.98.5
xnview xnview 1.95.1
xnview xnview 1.10
xnview xnview 1.20
xnview xnview 1.98.2
xnview xnview 1.14
xnview xnview 1.91.5
xnview xnview 1.30
xnview xnview 1.90.1
xnview xnview 1.08
xnview xnview 1.80.3
xnview xnview 1.67
xnview xnview 1.80
xnview xnview 1.31
xnview xnview 1.41
xnview xnview 1.68
CVE-2013-3246 MEDIUM

Stack-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted image layer in an XCF file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
xnview xnview *
CVE-2013-3247 MEDIUM

Heap-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted RLE compressed layer in an XCF file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
xnview xnview *
CVE-2013-3492 HIGH

XnView 2.03 has a stack-based buffer overflow vulnerability

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
xnview xnview 2.03
CVE-2013-3493 HIGH

XnView 2.03 has an integer overflow vulnerability

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,

Products Affected

Vendor Product Version
xnview xnview 2.03
CVE-2013-3937 MEDIUM

Heap-based buffer overflow in xnview.exe in XnView before 2.13 allows remote attackers to execute arbitrary code via the biBitCount field in a BMP file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
xnview xnview *
CVE-2013-3938 HIGH

Integer overflow in xnview.exe in XnView 2.13 allows remote attackers to execute arbitrary code via a large NUM_ELEMENTS field in an IFD_ENTRY structure in a JXR file, which triggers a heap-based buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
xnview xnview 2.13
CVE-2013-3939 MEDIUM

xnview.exe in XnView before 2.13 does not properly handle RLE strip lengths during processing of RGB files, which allows remote attackers to execute arbitrary code via the RLE strip size field in a RGB file, which leads to an unexpected sign extension error and a heap-based buffer overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
xnview xnview *
CVE-2013-3941 HIGH

Xjp2.dll in XnView before 2.13 allows remote attackers to execute arbitrary code via (1) the Csiz parameter in a SIZ marker, which triggers an incorrect memory allocation, or (2) the lqcd field in a QCD marker in a crafted JPEG2000 file, which leads to a heap-based buffer overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
xnview xnview *
CVE-2017-10736 MEDIUM

XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV starting at msvcrt!_VEC_memzero+0x000000000000006a."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-10737 MEDIUM

XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV starting at ntdll_77df0000!RtlpCoalesceFreeBlocks+0x00000000000002e6."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-10738 MEDIUM

XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "Data Execution Prevention Violation starting at Unknown Symbol @ 0x000000002f32332f called from KERNELBASE!CompareStringW+0x0000000000000082."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-10739 MEDIUM

XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "Data Execution Prevention Violation starting at Unknown Symbol @ 0x000000000c1b541c called from xnview+0x00000000003826ec."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-10740 MEDIUM

XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV starting at ntdll_77df0000!RtlRbInsertNodeEx+0x000000000000002d."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-10741 MEDIUM

XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV starting at ntdll_77df0000!RtlpWaitOnCriticalSection+0x0000000000000121."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-10742 MEDIUM

XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "Data Execution Prevention Violation starting at Unknown Symbol @ 0x00000000380a0500 called from ntdll_77df0000!LdrxCallInitRoutine+0x0000000000000016."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-10743 MEDIUM

XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "Stack Buffer Overrun (/GS Exception) starting at ntdll_77df0000!LdrpInitializeNode+0x000000000000015b."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-10744 MEDIUM

XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "Read Access Violation on Control Flow starting at COMCTL32!CToolTipsMgr::s_ToolTipsWndProc+0x0000000000000032."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-10745 MEDIUM

XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "Stack Buffer Overrun (/GS Exception) starting at ntdll_77df0000!RtlProcessFlsData+0x00000000000000b0."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-10746 MEDIUM

XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV starting at ntdll_77df0000!RtlEnterCriticalSection+0x0000000000000012."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-10747 MEDIUM

XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV starting at xnview+0x000000000037a8aa."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-10748 MEDIUM

XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV starting at xnview+0x000000000022bf8d."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-10749 MEDIUM

XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-10750 MEDIUM

XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV near NULL starting at ntdll_77df0000!RtlEnterCriticalSection+0x0000000000000012."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-10751 MEDIUM

XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at GDI32!GenericEngineGetGlyphs+0x0000000000000133."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-10752 MEDIUM

XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpLowFragHeapFree+0x000000000000001f."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-10753 MEDIUM

XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpFindLoadedDllByMapping+0x0000000000000046."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-10754 MEDIUM

XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpEnterCriticalSectionContended+0x0000000000000031."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-10755 MEDIUM

XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpInitializeThread+0x000000000000010b."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-10756 MEDIUM

XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpRemoveUCRBlock+0x0000000000000046."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-10757 MEDIUM

XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpCoalesceFreeBlocks+0x00000000000001b6."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-10758 MEDIUM

XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpCoalesceFreeBlocks+0x00000000000004b4."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-10759 MEDIUM

XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpInsertDependencyRecord+0x0000000000000039."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-10760 MEDIUM

XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at COMCTL32!SetStatusText+0x0000000000000029."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-10761 MEDIUM

XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpAllocateHeap+0x0000000000000429."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-10762 MEDIUM

XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpAllocateHeap+0x000000000000042f."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-10763 MEDIUM

XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpFindLoadedDllByHandle+0x0000000000000031."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-10764 MEDIUM

XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at COMCTL32!Tab_OnGetItem+0x000000000000002f."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-10765 MEDIUM

XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at IMM32!ImmLockImeDpi+0x0000000000000050."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-10766 MEDIUM

XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at GDI32!ScriptStringAnalyse+0x00000000000001c8."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-10767 MEDIUM

XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at KERNELBASE!StateObjectListFind+0x0000000000000005."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-10768 MEDIUM

XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpInsertFreeBlock+0x00000000000001ca."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-10769 MEDIUM

XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!memcmp+0x0000000000000018" (without RPC initialization).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-10770 MEDIUM

XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpCreateSplitBlock+0x000000000000053a."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-10771 MEDIUM

XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpCreateSplitBlock+0x0000000000000510."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-10772 MEDIUM

XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!memcmp+0x0000000000000018" (with RPC initialization).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-10773 MEDIUM

XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at MSCTF!_CtfImeCreateThreadMgr+0x00000000000000a8."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-10774 MEDIUM

XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at KERNELBASE!FindSortHashNode+0x0000000000000040."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-10775 MEDIUM

XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to a "Read Access Violation starting at GDI32!ScriptGetCMapWithSurrogate+0x00000000000001cb."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-10776 MEDIUM

XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to a "Read Access Violation starting at ntdll_77df0000!LdrShutdownProcess+0x0000000000000130."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-10777 MEDIUM

XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at xnview+0x0000000000372b24."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-10778 MEDIUM

XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at xnview+0x0000000000233125."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-10779 MEDIUM

XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at xnview+0x0000000000013a20."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-10780 MEDIUM

XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at xnview+0x0000000000372b4a."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-10781 MEDIUM

XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpFindLoadedDllByName+0x00000000000000a5."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-10782 MEDIUM

XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpFreeHeap+0x00000000000003ca."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-10783 MEDIUM

XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpFreeHeap+0x0000000000000393."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-14270 MEDIUM

XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at ntdll_77400000!RtlFillMemoryUlong+0x0000000000000010."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-14271 MEDIUM

XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at ntdll_77400000!RtlImpersonateSelfEx+0x000000000000024e."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-14272 MEDIUM

XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at jbig2dec+0x000000000000595d."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-14273 MEDIUM

XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at ntdll_77400000!RtlInterlockedPopEntrySList+0x00000000000003b0."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-14274 MEDIUM

XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at jbig2dec+0x0000000000008706."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-14275 MEDIUM

XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-14276 MEDIUM

XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Possible Stack Corruption starting at jbig2dec+0x0000000000002fbe."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-14277 MEDIUM

XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at jbig2dec+0x0000000000005956."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-14278 MEDIUM

XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at jbig2dec+0x0000000000005940."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-14279 MEDIUM

XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at jbig2dec+0x0000000000005643."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-14280 MEDIUM

XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at jbig2dec+0x000000000000571d."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-14281 MEDIUM

XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at jbig2dec+0x00000000000090f1."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-14282 MEDIUM

XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at jbig2dec+0x0000000000005862."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-14283 MEDIUM

XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at jbig2dec+0x0000000000008fe4."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-14284 MEDIUM

XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77400000!RtlGetCurrentDirectory_U+0x000000000000016c."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-14285 MEDIUM

XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77400000!RtlInterlockedPopEntrySList+0x000000000000039b."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-14538 MEDIUM

XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at jbig2dec+0x0000000000008823."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-14541 MEDIUM

XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .svg file, related to "Data from Faulting Address controls Branch Selection starting at CADImage+0x000000000001f23e."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-14580 MEDIUM

XnView Classic for Windows Version 2.41 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at jbig2dec+0x000000000000870f."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.41
CVE-2017-15772 MEDIUM

XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to "Data from Faulting Address may be used as a return value starting at CADImage+0x0000000000285e9d."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.43
CVE-2017-15773 MEDIUM

XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a "Read Access Violation starting at CADImage+0x0000000000285d79."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.43
CVE-2017-15774 MEDIUM

XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to "Data from Faulting Address controls Code Flow starting at CADImage+0x0000000000221a9a."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.43
CVE-2017-15775 MEDIUM

XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to "Data from Faulting Address controls Branch Selection starting at CADImage+0x0000000000259aa4."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.43
CVE-2017-15776 MEDIUM

XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to "Data from Faulting Address may be used as a return value starting at CADImage+0x0000000000285ec1."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.43
CVE-2017-15777 MEDIUM

XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "User Mode Write AV near NULL starting at CADImage+0x0000000000288750."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.43
CVE-2017-15778 MEDIUM

XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a "Read Access Violation starting at CADImage+0x0000000000285de7."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.43
CVE-2017-15779 MEDIUM

XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to "Data from Faulting Address controls subsequent Write Address starting at CADImage+0x00000000000034b0."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.43
CVE-2017-15780 MEDIUM

XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a "Read Access Violation starting at CADImage+0x0000000000285dad."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.43
CVE-2017-15781 MEDIUM

XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "Read Access Violation on Control Flow starting at CADImage+0x0000000000286a76."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.43
CVE-2017-15782 MEDIUM

XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "User Mode Write AV starting at CADImage+0x00000000000032eb."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.43
CVE-2017-15783 MEDIUM

XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to "Data from Faulting Address controls Branch Selection starting at CADImage+0x0000000000285ce1."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.43
CVE-2017-15784 MEDIUM

XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to an "Illegal Instruction Violation starting at xnview+0x0000000000370074."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.43
CVE-2017-15785 MEDIUM

XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "Data Execution Prevention Violation near NULL starting at Unknown Symbol @ 0x0000000000000000 called from CADImage+0x0000000000286a79."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.43
CVE-2017-15786 MEDIUM

XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a "Read Access Violation starting at CADImage+0x00000000001a78db."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.43
CVE-2017-15787 MEDIUM

XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "Data Execution Prevention Violation starting at xnview+0x0000000000580063."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.43
CVE-2017-15788 MEDIUM

XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "User Mode Write AV starting at CADImage+0x0000000000002d83."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.43
CVE-2017-15789 MEDIUM

XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "User Mode Write AV starting at CADImage+0x00000000000048e7."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.43
CVE-2017-15801 MEDIUM

XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77310000!LdrpResSearchResourceInsideDirectory+0x000000000000029e."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.43
CVE-2017-15802 MEDIUM

XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77310000!LdrpResCompareResourceNames+0x0000000000000087."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.43
CVE-2017-15803 MEDIUM

XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at ntdll_77310000!LdrpResCompareResourceNames+0x0000000000000150."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.43
CVE-2017-8282 MEDIUM

XnView Classic for Windows Version 2.40 allows user-assisted remote attackers to execute code via a crafted .mov file that is mishandled during the opening of a directory in "Browser" mode, because of a "User Mode Write AV near NULL" in XnView.exe.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-8381 MEDIUM

XnView Classic for Windows Version 2.40 allows user-assisted remote attackers to execute code via a crafted .mkv file that is mishandled during the opening of a directory in "Browser" mode, because of a "User Mode Write AV near NULL" in XnView.exe.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-8781 MEDIUM

XnView Classic for Windows Version 2.40 allows user-assisted remote attackers to execute code via a crafted JPEG 2000 file that is mishandled during the opening of a directory in "Browser" mode, because of a "Stack Buffer Overrun" issue.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-9529 MEDIUM

XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a "User Mode Write AV starting at Xfpx+0x0000000000004efd."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-9893 MEDIUM

XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a "User Mode Write AV starting at Xfpx!gffGetFormatInfo+0x0000000000012548."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-9894 MEDIUM

XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a "User Mode Write AV starting at Xfpx!gffGetFormatInfo+0x0000000000029272."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-9895 MEDIUM

XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a "Read Access Violation on Control Flow starting at Xfpx!gffGetFormatInfo+0x0000000000020e95."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-9896 MEDIUM

XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a "Read Access Violation on Control Flow starting at Xfpx!gffGetFormatInfo+0x0000000000013e8a."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-9897 MEDIUM

XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a "User Mode Write AV starting at Xfpx+0x000000000000dcab."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-9898 MEDIUM

XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a "User Mode Write AV starting at Xfpx+0x0000000000004cbb."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-9899 MEDIUM

XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to "Data from Faulting Address controls Code Flow starting at Xfpx!gffGetFormatInfo+0x000000000002e388."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-9900 MEDIUM

XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to "Data from Faulting Address controls Code Flow starting at Xfpx!gffGetFormatInfo+0x000000000002e385."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-9901 MEDIUM

XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to "Data from Faulting Address controls subsequent Write Address starting at Xfpx!gffGetFormatInfo+0x000000000002bfd5."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-9902 MEDIUM

XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to "Data from Faulting Address controls Code Flow starting at Xfpx!gffGetFormatInfo+0x0000000000020e91."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-9903 MEDIUM

XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to "Data from Faulting Address controls Code Flow starting at Xfpx+0x00000000000117ff."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-9904 MEDIUM

XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpLowFragHeapFree+0x000000000000001f."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-9905 MEDIUM

XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address controls Branch Selection starting at Xfpx!gffGetFormatInfo+0x00000000000228e8."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-9906 MEDIUM

XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at Xfpx!gffGetFormatInfo+0x0000000000028508."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-9907 MEDIUM

XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Possible Stack Corruption starting at Xfpx!gffGetFormatInfo+0x0000000000022e1f."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-9908 MEDIUM

XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to a "Read Access Violation starting at Xfpx+0x000000000000d6da."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-9909 MEDIUM

XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlAddAccessAllowedAce+0x000000000000027a."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-9910 MEDIUM

XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to an "Error Code (0xc000041d) starting at wow64!Wow64NotifyDebugger+0x000000000000001d."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-9911 MEDIUM

XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at Xfpx+0x0000000000010e81."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-9912 MEDIUM

XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpFreeHeap+0x0000000000000393."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-9913 MEDIUM

XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!TpAllocCleanupGroup+0x00000000000003d7."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2017-9914 MEDIUM

XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .bie file, related to a "Read Access Violation on Block Data Move starting at Xjbig+0x000000000000121b."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.40
CVE-2018-15174 MEDIUM

XnView 2.45 allows remote attackers to cause a denial of service (Read Access Violation at the Instruction Pointer and application crash) or possibly have unspecified other impact via a crafted ICO file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.45
CVE-2018-15175 MEDIUM

XnView 2.45 allows remote attackers to cause a denial of service (User Mode Write AV starting at Qt5Core!QVariant::~QVariant+0x0000000000000014 and application crash) or possibly have unspecified other impact via a crafted RLE file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.45
CVE-2018-15176 MEDIUM

XnView 2.45 allows remote attackers to cause a denial of service (User Mode Write AV starting at MSVCR120!memcpy+0x0000000000000074 and application crash) or possibly have unspecified other impact via a crafted RLE file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview 2.45
CVE-2019-13083 MEDIUM

XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000384e2a.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
xnview xnview 2.48
CVE-2019-13084 MEDIUM

XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000026b739.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
xnview xnview 2.48
CVE-2019-13085 MEDIUM

XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000030ecfa.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
xnview xnview 2.48
CVE-2019-13253 MEDIUM

XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000385474.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
xnview xnview 2.48
CVE-2019-13254 MEDIUM

XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000032e808.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
xnview xnview 2.48
CVE-2019-13255 MEDIUM

XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000327464.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
xnview xnview 2.48
CVE-2019-13256 MEDIUM

XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000032e849.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
xnview xnview 2.48
CVE-2019-13257 MEDIUM

XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x00000000003273aa.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
xnview xnview 2.48
CVE-2019-13258 MEDIUM

XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000328165.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
xnview xnview 2.48
CVE-2019-13259 MEDIUM

XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000032e566.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
xnview xnview 2.48
CVE-2019-13260 MEDIUM

XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000327a07.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
xnview xnview 2.48
CVE-2019-13261 MEDIUM

XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000328384.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
xnview xnview 2.48
CVE-2019-13262 MEDIUM

XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x00000000003283eb.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
xnview xnview 2.48
CVE-2019-17261 MEDIUM

XnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0000000000001e51.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
xnview xnview 2.49.1
CVE-2019-17262 MEDIUM

XnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0000000000001fc0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
xnview xnview 2.49.1
CVE-2019-9962 MEDIUM

XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to VCRUNTIME140!memcpy.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview_mp 0.93.1
CVE-2019-9963 MEDIUM

XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlFreeHeap.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview_mp 0.93.1
CVE-2019-9964 MEDIUM

XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlpNtMakeTemporaryKey.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview_mp 0.93.1
CVE-2019-9965 MEDIUM

XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlReAllocateHeap.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview_mp 0.93.1
CVE-2019-9966 MEDIUM

XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to xnview+0x38536c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview_classic 2.48
CVE-2019-9967 MEDIUM

XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlPrefixUnicodeString.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview_classic 2.48
CVE-2019-9968 MEDIUM

XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlQueueWorkItem.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview_classic 2.48
CVE-2019-9969 MEDIUM

XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to xnview+0x385399.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xnview xnview_classic 2.48
CVE-2020-23886 MEDIUM

XnView MP v0.96.4 was discovered to contain a heap overflow which allows attackers to cause a denial of service (DoS) via a crafted pict file. Related to a User Mode Write AV starting at ntdll!RtlpLowFragHeapFree.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
xnview xnview_mp *
CVE-2020-23887 MEDIUM

XnView MP v0.96.4 was discovered to contain a heap overflow which allows attackers to cause a denial of service (DoS) via a crafted ico file. Related to a Read Access Violation starting at USER32!SmartStretchDIBits+0x33.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
xnview xnview_mp *
CVE-2021-28427

Buffer Overflow vulnerability in XNView version 2.49.3, allows local attackers to execute arbitrary code via crafted TIFF file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
xnview xnview 2.49.3
CVE-2021-28835

Buffer Overflow vulnerability in XNView before 2.50, allows local attackers to execute arbitrary code via crafted GEM bitmap file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
cve@mitre.org 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
xnview xnview *
CVE-2023-43250

XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow. There is a User Mode Write AV via a crafted image file. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
xnview nconvert 7.136
CVE-2023-43251

XNSoft Nconvert 7.136 has an Exception Handler Chain Corrupted via a crafted image file. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
xnview nconvert 7.136
CVE-2023-43252

XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow via a crafted image file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
xnview nconvert 7.136
CVE-2023-46587

Buffer Overflow vulnerability in XnView Classic v.2.51.5 allows a local attacker to execute arbitrary code via a crafted TIF file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
xnview xnview 2.51.5
CVE-2023-52173

XnView Classic before 2.51.3 on Windows has a Write Access Violation at xnview.exe+0x3ADBD0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
xnview xnview_classic *
CVE-2023-52174

XnView Classic before 2.51.3 on Windows has a Write Access Violation at xnview.exe+0x3125D6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
xnview xnview_classic *
CVE-2024-11950

XnSoft XnView Classic RWZ File Parsing Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of XnSoft XnView Classic. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of RWZ files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22913.

Products Affected

Vendor Product Version
xnview xnview 2.51.5
CVE-2024-22532

Buffer Overflow vulnerability in XNSoft NConvert 7.163 (for Windows x86) allows attackers to cause a denial of service via crafted xwd file.

Products Affected

Vendor Product Version
xnview nconvert 7.136