XnView < 1.98.6 Multiple Buffer Overflow Vulnerabilities
High Nessus Plugin ID 58386
SynopsisThe remote Windows host contains an application with multiple buffer overflow vulnerabilities.
DescriptionThe version of XnView installed on the remote Windows host is earlier than 1.98.6. As such, it is reportedly affected by multiple buffer overflow vulnerabilities. These vulnerabilities are related to processing FPX and PCX files, and can also be triggered by certain directory names when browsing folders within the program. An attacker could exploit these vulnerabilities by tricking a victim into opening a specially crafted file that could allow for arbitrary code to be executed in the context of the application.
SolutionUpgrade to XnView version 1.98.6 or later as that reportedly resolves the issue.