XnView < 1.99.1 JPEG Compressed TIFF Image Multiple Header Value Handling Overflow
High Nessus Plugin ID 62121
Synopsis: The remote Windows host contains an application with a buffer overflow vulnerability.
Description: The version of XnView installed on the remote Windows host is earlier than 1.99.1. It is, therefore, reportedly affected by a heap-based buffer overflow vulnerability. This is due to an error in the handling of TIFF image files having JPEG compression. Specially crafted files of this type can contain certain 'ImageLength' and 'ImageWidth' header values which trigger the vulnerability. Arbitrary code execution is possible.
Solution: Upgrade to XnView version 1.99.1 or later as that reportedly resolves the issue.