CVE-2019-13254

Vulnerability

XnView Classic version 2.48 (xnview.exe 2.48.0.0 x86) contains a user-mode write access violation (AV) triggered when opening a crafted image file. The crash occurs at the instruction at virtual address xnview+0x000000000032e808 (hash=0xb0048d34.0xfe2b1b06). The crash is reproduced by supplying the malformed file as a command-line argument to the application. [1]

Exploitation

An attacker must provide a specially crafted image file to a victim running XnView Classic 2.48. No authentication or special network position is required beyond delivering the file (e.g., via email attachment, download link, or USB). When the victim opens the file (either by double-clicking or via command line), the application attempts to write to an invalid memory address, leading to the access violation. The crash was reproduced in a WinDbg session using a proof-of-concept file (id_000173_00). [1]

Impact

The denial of service (application crash) is the immediate consequence. The description indicates a "User Mode Write AV," which could potentially be exploited further under certain memory corruption conditions, but the available source does not demonstrate code execution or privilege escalation. [1]

Mitigation

No official patch or fixed version is documented in the provided references. The vendor should be contacted for an update. As of the publication date (2019-07-04), users are advised to avoid opening untrusted images with XnView Classic 2.48 and consider using alternative image viewers until a fix is released. [1]