XnView 2.x < 2.13 Multiple Buffer Overflows

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains an application that is affected by
multiple buffer overflow vulnerabilities.

Description :

The version of XnView 2.x installed on the remote Windows host is
earlier than 2.13. It is, therefore, reportedly affected by the
following buffer overflow vulnerabilities:

- A remote, heap-based buffer overflow vulnerability
exists due to an error in the 'xnview.exe' file when
processing BMP files. An attacker can exploit this issue
through a specially crafted 'biBitCount' field.
(CVE-2013-3937)

- A remote, heap-based buffer overflow vulnerability
exists because XnView fails to properly bounds-check
user-supplied input before copying it to an
insufficiently sized memory buffer. Specifically, this
issue occurs due to a sign-extension error in the
'xnview.exe' file when processing RLE strip lengths in
RGB files. An attacker can exploit this issue through a
specially crafted RLE strip size field. (CVE-2013-3939)

- A remote, heap-based buffer overflow vulnerability
exists because XnView fails to properly bounds-check
user-supplied input before copying it to an
insufficiently sized memory buffer. Specifically, this
issue occurs in 'Xjp2.dll' when processing the Csiz
parameter of the SIZ marker and the lqcd field of the QCD
marker. An
attacker can exploit this issue through a specially
crafted JPEG2000 file. (CVE-2013-3941)
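
The sign-extension error class named in the second item, shown as a generic added illustration beside a checked form. This is not XnView code and not part of the original advisory: the 16-bit field width, the 256-byte buffer, the function names and the sample bytes are all assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define STRIP_CAP 256u                  /* assumed destination buffer size */
static uint8_t g_dst[STRIP_CAP];

/* Constructed samples: 2-byte little-endian length field, then payload. */
static const uint8_t SAMPLE_OK[]  = { 0x03, 0x00, 'a', 'b', 'c' };
static const uint8_t SAMPLE_BAD[] = { 0xF0, 0xFF, 'a', 'b', 'c' };  /* 0xFFF0 */

static uint16_t rd_u16le(const uint8_t *p) {
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* Flawed pattern: the length is held in a signed type, so the upper-bound
 * test is a signed comparison that negative values pass. Returns the byte
 * count a subsequent copy would be given (no copy is performed here). */
size_t flawed_copy_len(const uint8_t *field) {
    int16_t len = (int16_t)rd_u16le(field);   /* 0xFFF0 becomes -16 */
    if (len > (int)STRIP_CAP)                 /* -16 > 256 is false: passes */
        return 0;
    return (size_t)len;                       /* sign-extends to SIZE_MAX - 15 */
}

/* Checked pattern: the length stays unsigned and is bounded by both the
 * destination capacity and the bytes actually present in the input.
 * Returns the number of bytes copied, or -1 if the field is rejected. */
int copy_strip(uint8_t *dst, size_t dst_cap, const uint8_t *src, size_t src_len) {
    if (src_len < 2) return -1;               /* no room for the length field */
    size_t len = rd_u16le(src);
    if (len > dst_cap || len > src_len - 2) return -1;
    memcpy(dst, src + 2, len);
    return (int)len;
}

int main(void) {
    printf("flawed length for 0xFFF0: %zu\n", flawed_copy_len(SAMPLE_BAD));
    printf("checked, bad sample: %d\n",
           copy_strip(g_dst, sizeof g_dst, SAMPLE_BAD, sizeof SAMPLE_BAD));
    printf("checked, ok sample:  %d\n",
           copy_strip(g_dst, sizeof g_dst, SAMPLE_OK, sizeof SAMPLE_OK));
    return 0;
}
```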

See also :

http://newsgroup.xnview.com/viewtopic.php?f=35&t=29087

Solution :

Upgrade to XnView version 2.13 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 71864

Bugtraq ID: 64438
64439
64441

CVE ID: CVE-2013-3937
CVE-2013-3939
CVE-2013-3941