XnView 2.x < 2.03 Multiple Buffer Overflow Vulnerabilities
High Nessus Plugin ID 66859
SynopsisThe remote Windows host contains an application that is affected by multiple buffer overflow vulnerabilities.
DescriptionThe version of XnView installed on the remote Windows host is 2.x, earlier than 2.03. It is, therefore, reportedly affected by the following buffer overflow vulnerabilities:
- A stack-based buffer overflow exists in the 'XCF' image handling layer. (CVE-2013-3246)
- A heap-based buffer overflow exists when handling decompression of RLE layers in a specially crafted 'XCF' file. (CVE-2013-3247)
SolutionUpgrade to XnView version 2.03 or later.