XnView < 1.99.1 JPEG Compressed TIFF Image Multiple Header Value Handling Overflow

This script is Copyright (C) 2012 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains an application with a buffer overflow
vulnerability.

Description :

The version of XnView installed on the remote Windows host is earlier
than 1.99.1. It is, therefore, reportedly affected by a heap-based
buffer overflow vulnerability. This is due to an error in the handling
of TIFF image files having JPEG compression. Specially crafted files of
this type can contain certain 'ImageLength' and 'ImageWidth' header
values which trigger the vulnerability. Arbitrary code execution is
possible.

See also :

http://www.fuzzmyapp.com/advisories/FMA-2011-016/FMA-2011-016-EN.xml
http://newsgroup.xnview.com/viewtopic.php?f=35&t=26736

Solution :

Upgrade to XnView version 1.99.1 or later as that reportedly resolves
the issue.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 62121 ()

Bugtraq ID: 55482

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now