Detections
Analytics
XnView < 1.99.0 Multiple Buffer Overflow Vulnerabilities
medium Nessus Plugin ID 59606
Language:
Synopsis
The remote Windows host contains an application with multiple buffer overflow vulnerabilities.Description
The version of XnView installed on the remote Windows host is earlier than 1.99.0. It therefore is reportedly affected by the following heap-based buffer overflow vulnerabilities :- An integer truncation issue exists related to the handling of the depth value in 'Sun Raster' (RAS) image files.
- A boundary violation issue exists in 'NCSEcw.dll' related to the decompression of 'Enhanced Compressed Wavelet' (ECW) image files.
- A boundary violation issue exists in 'Xfpx.dll' related to the handling of 'FlashPix' (FPX) image files.
- Errors exist related to decompressing 'TIFF' images that use 'SGI32LogLum' compression.
- An error exists related to the handling of 'PCT' image decompression.
- An error exists related to the handling of 'GIF' images that have certain values for 'ImageLeftPosition'.
Solution
Upgrade to XnView version 1.99.0 or later as that reportedly resolves the issue.See Also
http://www.nessus.org/u?86d25bf7
http://www.nessus.org/u?db1ff78b
http://www.nessus.org/u?8499541f
http://www.nessus.org/u?9470d60a
http://www.nessus.org/u?01938237
http://www.nessus.org/u?b6b263c8
Plugin Details
Severity: Medium
ID: 59606
File Name: xnview_1_99_0.nasl
Version: 1.7
Type: local
Agent: windows
Family: Windows
Published: 6/20/2012
Updated: 12/4/2019
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2012-0282
Vulnerability Information
CPE: cpe:/a:xnview:xnview
Required KB Items: SMB/XnView/Version
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 6/5/2012
Vulnerability Publication Date: 6/15/2012