XnView RGBE File Handling Buffer Overflow

This script is Copyright (C) 2008-2015 Tenable Network Security, Inc.

Synopsis :

The remote Windows host contains an application that reportedly is
affected by a buffer overflow vulnerability.

Description :

XnView, an application to view and convert graphic files, is installed
on the remote host.

The version of XnView on the remote host reportedly contains a stack-
based buffer overflow that can be triggered when reading a specially-
crafted Radiance RGBE ('.hdr') file. If an attacker can trick a user
on the affected host into opening such a file, this issue could be
leveraged to execute arbitrary code on the host subject to the user's

See also :


Solution :

Upgrade to XnView version 1.92.1 or later as that reportedly resolves
the issue.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.3
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 30130 ()

Bugtraq ID: 27514

CVE ID: CVE-2008-0064

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now