CVE-2019-9967
Description
XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlPrefixUnicodeString.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
XnView Classic 2.48 crashes on crafted files via an ntdll!RtlPrefixUnicodeString memory fault, leading to denial of service.
Vulnerability
XnView Classic 2.48 on Windows is vulnerable to a crash triggered by a crafted file. The crash occurs in the ntdll!RtlPrefixUnicodeString function, as reported in the crash dump. The exact input vector (e.g., image format, file size, or specific data) is not detailed, but the vulnerability is reachable by opening a malicious file in the application. The affected version is explicitly 2.48 [1].
Exploitation
An attacker can exploit this vulnerability by crafting a file that, when opened in XnView Classic 2.48, triggers memory corruption in ntdll!RtlPrefixUnicodeString. No authentication or special network position is required; the attacker only needs to trick the user into opening the file (e.g., via email attachment or web download). The crash is reproducible on Windows 7 (32-bit) [1].
Impact
Successful exploitation causes a denial of service via application crash. The description notes “possibly have unspecified other impact,” but no code execution or data exfiltration is confirmed in the available references. The crash yields a write access violation in ntdll!RtlFreeHeap, indicating potential memory corruption [1].
Mitigation
No official fix is available from the vendor as of the reference’s publication. The application is closed-source and no workaround is provided. Users may consider using alternative image viewers or avoiding opening untrusted files until a patch is released.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
Patches (0)
No patches discovered yet.
References
- [1] code610.blogspot.com/2019/03/crashing-xnview-248.html (mitre, x_refsource_MISC)