VYPR

Xnview

by Xnview

CVEs (149)

  • CVE-2013-2577Aug 9, 2013
    risk 0.04cvss epss 0.12

    Buffer overflow in XnView before 2.04 allows remote attackers to execute arbitrary code via a crafted PCT file.

  • CVE-2012-0282Jul 17, 2012
    risk 0.04cvss epss 0.07

    Heap-based buffer overflow in XnView before 1.99 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ImageLeftPosition value in an ImageDescriptor structure in a GIF image.

  • CVE-2012-0277Jul 17, 2012
    risk 0.04cvss epss 0.08

    Heap-based buffer overflow in XnView before 1.99 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PCT image.

  • CVE-2012-0276Jul 17, 2012
    risk 0.04cvss epss 0.08

    Multiple heap-based buffer overflows in XnView before 1.99 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a (1) SGI32LogLum compressed TIFF image or (2) SGI32LogLum compressed TIFF image with the…

  • CVE-2010-1932Jun 16, 2010
    risk 0.04cvss epss 0.11

    Heap-based buffer overflow in XnView 1.97.4 and possibly earlier allows remote attackers to execute arbitrary code via a MultiBitMap (MBM) file with a Paint Data Section that contains a malformed Encoding field.

  • CVE-2008-2427Jun 24, 2008
    risk 0.04cvss epss 0.16

    Stack-based buffer overflow in NConvert 4.92, GFL SDK 2.82, and XnView 1.93.6 on Windows and 1.70 on Linux and FreeBSD allows user-assisted remote attackers to execute arbitrary code via a crafted format keyword in a Sun TAAC file.

  • CVE-2008-0069Apr 2, 2008
    risk 0.04cvss epss 0.08

    Stack-based buffer overflow in XnView 1.92 and 1.92.1 allows user-assisted remote attackers to execute arbitrary code via a long FontName parameter in a slideshow (.sld) file, a different vector than CVE-2008-1461.

  • CVE-2008-1461Mar 24, 2008
    risk 0.04cvss epss 0.11

    Buffer overflow in XnView 1.92.1 allows user-assisted remote attackers to execute arbitrary code via a long filename argument on the command line. NOTE: it is unclear whether there are common handler configurations in which this argument is controlled by an attacker.

  • CVE-2021-28835Aug 11, 2023
    risk 0.00cvss epss 0.00

    Buffer Overflow vulnerability in XNView before 2.50, allows local attackers to execute arbitrary code via crafted GEM bitmap file.

  • CVE-2021-28427Aug 11, 2023
    risk 0.00cvss epss 0.00

    Buffer Overflow vulnerability in XNView version 2.49.3, allows local attackers to execute arbitrary code via crafted TIFF file.

  • CVE-2020-23887Nov 10, 2021
    risk 0.00cvss epss 0.01

    XnView MP v0.96.4 was discovered to contain a heap overflow which allows attackers to cause a denial of service (DoS) via a crafted ico file. Related to a Read Access Violation starting at USER32!SmartStretchDIBits+0x33.

  • CVE-2020-23886Nov 10, 2021
    risk 0.00cvss epss 0.01

    XnView MP v0.96.4 was discovered to contain a heap overflow which allows attackers to cause a denial of service (DoS) via a crafted pict file. Related to a User Mode Write AV starting at ntdll!RtlpLowFragHeapFree.

  • CVE-2013-3493Jan 27, 2020
    risk 0.00cvss epss 0.02

    XnView 2.03 has an integer overflow vulnerability

  • CVE-2013-3492Jan 27, 2020
    risk 0.00cvss epss 0.02

    XnView 2.03 has a stack-based buffer overflow vulnerability

  • CVE-2013-3246Jan 2, 2020
    risk 0.00cvss epss 0.02

    Stack-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted image layer in an XCF file.

  • CVE-2013-3247Jan 2, 2020
    risk 0.00cvss epss 0.02

    Heap-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted RLE compressed layer in an XCF file.

  • CVE-2013-3937Jan 2, 2020
    risk 0.00cvss epss 0.02

    Heap-based buffer overflow in xnview.exe in XnView before 2.13 allows remote attackers to execute arbitrary code via the biBitCount field in a BMP file.

  • CVE-2013-3939Jan 2, 2020
    risk 0.00cvss epss 0.02

    xnview.exe in XnView before 2.13 does not properly handle RLE strip lengths during processing of RGB files, which allows remote attackers to execute arbitrary code via the RLE strip size field in a RGB file, which leads to an unexpected sign extension error and a heap-based…

  • CVE-2013-3941Jan 2, 2020
    risk 0.00cvss epss 0.03

    Xjp2.dll in XnView before 2.13 allows remote attackers to execute arbitrary code via (1) the Csiz parameter in a SIZ marker, which triggers an incorrect memory allocation, or (2) the lqcd field in a QCD marker in a crafted JPEG2000 file, which leads to a heap-based buffer…

  • CVE-2019-9965Mar 24, 2019
    risk 0.00cvss epss 0.01

    XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlReAllocateHeap.

Page 7 of 8