Xnview
by Xnview
CVEs (149)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-9964 | 0.00 | — | 0.01 | Mar 24, 2019 | XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlpNtMakeTemporaryKey. | |||
| CVE-2019-9963 | 0.00 | — | 0.01 | Mar 24, 2019 | XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlFreeHeap. | |||
| CVE-2019-9962 | 0.00 | — | 0.01 | Mar 24, 2019 | XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to VCRUNTIME140!memcpy. | |||
| CVE-2013-3938 | 0.00 | — | 0.04 | Mar 18, 2014 | Integer overflow in xnview.exe in XnView 2.13 allows remote attackers to execute arbitrary code via a large NUM_ELEMENTS field in an IFD_ENTRY structure in a JXR file, which triggers a heap-based buffer overflow. | |||
| CVE-2012-0685 | 0.00 | — | 0.04 | May 9, 2012 | Integer overflow in XnViewer (aka XnView) before 1.98.5 allows remote attackers to execute arbitrary code via a crafted file containing PSD record types, a different vulnerability than CVE-2012-0684. | |||
| CVE-2012-0684 | 0.00 | — | 0.04 | May 9, 2012 | Integer overflow in XnViewer (aka XnView) before 1.98.5 allows remote attackers to execute arbitrary code via a crafted file containing PSD record types, a different vulnerability than CVE-2012-0685. | |||
| CVE-2012-1051 | 0.00 | — | 0.03 | Feb 13, 2012 | Heap-based buffer overflow in Xjp2.dll in the JPEG2000 plug-in in XnView 1.98.5 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment. | |||
| CVE-2011-1338 | 0.00 | — | 0.00 | Jul 11, 2011 | Untrusted search path vulnerability in XnView before 1.98.1 allows local users to gain privileges via a Trojan horse .exe file in a folder selected by the "Open containing folder" menu item. | |||
| CVE-2009-4001 | 0.00 | — | 0.05 | Mar 15, 2010 | Integer overflow in XnView before 1.97.2 might allow remote attackers to execute arbitrary code via a DICOM image with crafted dimensions, leading to a heap-based buffer overflow. |
- CVE-2019-9964Mar 24, 2019risk 0.00cvss —epss 0.01
XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlpNtMakeTemporaryKey.
- CVE-2019-9963Mar 24, 2019risk 0.00cvss —epss 0.01
XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlFreeHeap.
- CVE-2019-9962Mar 24, 2019risk 0.00cvss —epss 0.01
XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to VCRUNTIME140!memcpy.
- CVE-2013-3938Mar 18, 2014risk 0.00cvss —epss 0.04
Integer overflow in xnview.exe in XnView 2.13 allows remote attackers to execute arbitrary code via a large NUM_ELEMENTS field in an IFD_ENTRY structure in a JXR file, which triggers a heap-based buffer overflow.
- CVE-2012-0685May 9, 2012risk 0.00cvss —epss 0.04
Integer overflow in XnViewer (aka XnView) before 1.98.5 allows remote attackers to execute arbitrary code via a crafted file containing PSD record types, a different vulnerability than CVE-2012-0684.
- CVE-2012-0684May 9, 2012risk 0.00cvss —epss 0.04
Integer overflow in XnViewer (aka XnView) before 1.98.5 allows remote attackers to execute arbitrary code via a crafted file containing PSD record types, a different vulnerability than CVE-2012-0685.
- CVE-2012-1051Feb 13, 2012risk 0.00cvss —epss 0.03
Heap-based buffer overflow in Xjp2.dll in the JPEG2000 plug-in in XnView 1.98.5 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment.
- CVE-2011-1338Jul 11, 2011risk 0.00cvss —epss 0.00
Untrusted search path vulnerability in XnView before 1.98.1 allows local users to gain privileges via a Trojan horse .exe file in a folder selected by the "Open containing folder" menu item.
- CVE-2009-4001Mar 15, 2010risk 0.00cvss —epss 0.05
Integer overflow in XnView before 1.97.2 might allow remote attackers to execute arbitrary code via a DICOM image with crafted dimensions, leading to a heap-based buffer overflow.
Page 8 of 8