XnView RGBE File Handling Buffer Overflow
High Nessus Plugin ID 30130
SynopsisThe remote Windows host contains an application that reportedly is affected by a buffer overflow vulnerability.
DescriptionXnView, an application to view and convert graphic files, is installed on the remote host.
The version of XnView on the remote host reportedly contains a stack- based buffer overflow that can be triggered when reading a specially- crafted Radiance RGBE ('.hdr') file. If an attacker can trick a user on the affected host into opening such a file, this issue could be leveraged to execute arbitrary code on the host subject to the user's privileges.
SolutionUpgrade to XnView version 1.92.1 or later as that reportedly resolves the issue.