Vendor CVEs
Xnview
All CVEs
149 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-10752 | Hig | 0.51 | 7.8 | 0.00 | Jul 5, 2017 | XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpLowFragHeapFree+0x00000000… | ||
| CVE-2017-10751 | Hig | 0.51 | 7.8 | 0.00 | Jul 5, 2017 | XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at GDI32!GenericEngineGetGlyphs+0x00000000000001… | ||
| CVE-2017-10750 | Hig | 0.51 | 7.8 | 0.00 | Jul 5, 2017 | XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV near NULL starting at ntdll_77df0000!RtlEnterCriticalSection+0x0000000000000012." | ||
| CVE-2017-10749 | Hig | 0.51 | 7.8 | 0.00 | Jul 5, 2017 | XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d." | ||
| CVE-2017-10748 | Hig | 0.51 | 7.8 | 0.00 | Jul 5, 2017 | XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV starting at xnview+0x000000000022bf8d." | ||
| CVE-2017-10747 | Hig | 0.51 | 7.8 | 0.00 | Jul 5, 2017 | XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV starting at xnview+0x000000000037a8aa." | ||
| CVE-2017-10746 | Hig | 0.51 | 7.8 | 0.00 | Jul 5, 2017 | XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV starting at ntdll_77df0000!RtlEnterCriticalSection+0x0000000000000012." | ||
| CVE-2017-10745 | Hig | 0.51 | 7.8 | 0.00 | Jul 5, 2017 | XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "Stack Buffer Overrun (/GS Exception) starting at ntdll_77df0000!RtlProcessFlsData+0x00000000000000b0." | ||
| CVE-2017-10744 | Hig | 0.51 | 7.8 | 0.00 | Jul 5, 2017 | XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "Read Access Violation on Control Flow starting at COMCTL32!CToolTipsMgr::s_ToolTipsWndProc+0x0000000000000032." | ||
| CVE-2017-10743 | Hig | 0.51 | 7.8 | 0.00 | Jul 5, 2017 | XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "Stack Buffer Overrun (/GS Exception) starting at ntdll_77df0000!LdrpInitializeNode+0x000000000000015b." | ||
| CVE-2017-10742 | Hig | 0.51 | 7.8 | 0.00 | Jul 5, 2017 | XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "Data Execution Prevention Violation starting at Unknown Symbol @ 0x00000000380a0500 called from… | ||
| CVE-2017-10741 | Hig | 0.51 | 7.8 | 0.00 | Jul 5, 2017 | XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV starting at ntdll_77df0000!RtlpWaitOnCriticalSection+0x0000000000000121." | ||
| CVE-2017-10740 | Hig | 0.51 | 7.8 | 0.00 | Jul 5, 2017 | XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV starting at ntdll_77df0000!RtlRbInsertNodeEx+0x000000000000002d." | ||
| CVE-2017-10739 | Hig | 0.51 | 7.8 | 0.00 | Jul 5, 2017 | XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "Data Execution Prevention Violation starting at Unknown Symbol @ 0x000000000c1b541c called from xnview+0x00000000003826ec." | ||
| CVE-2017-10738 | Hig | 0.51 | 7.8 | 0.00 | Jul 5, 2017 | XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "Data Execution Prevention Violation starting at Unknown Symbol @ 0x000000002f32332f called from… | ||
| CVE-2017-10737 | Hig | 0.51 | 7.8 | 0.00 | Jul 5, 2017 | XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV starting at ntdll_77df0000!RtlpCoalesceFreeBlocks+0x00000000000002e6." | ||
| CVE-2017-10736 | Hig | 0.51 | 7.8 | 0.00 | Jul 5, 2017 | XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV starting at msvcrt!_VEC_memzero+0x000000000000006a." | ||
| CVE-2019-25328 | Hig | 0.49 | 7.5 | 0.00 | Feb 12, 2026 | XnConvert 1.82 contains a denial of service vulnerability in its registration code input field that allows attackers to crash the application. Attackers can generate a 9000-byte buffer of repeated characters and paste it into the registration code field to trigger an application… | ||
| CVE-2007-2194 | 0.05 | — | 0.19 | Apr 24, 2007 | Stack-based buffer overflow in XnView 1.90.3 allows user-assisted remote attackers to execute arbitrary code via a crafted XPM file with a long section string. NOTE: some of these details are obtained from third party information. | |||
| CVE-2012-4988 | 0.04 | — | 0.10 | Jul 9, 2014 | Heap-based buffer overflow in the xjpegls.dll (aka JLS, JPEG-LS, or JPEG lossless) format plugin in XnView 1.99 and 1.99.1 allows remote attackers to execute arbitrary code via a crafted JLS image file. | |||
| CVE-2013-2577 | 0.04 | — | 0.12 | Aug 9, 2013 | Buffer overflow in XnView before 2.04 allows remote attackers to execute arbitrary code via a crafted PCT file. | |||
| CVE-2012-0282 | 0.04 | — | 0.07 | Jul 17, 2012 | Heap-based buffer overflow in XnView before 1.99 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ImageLeftPosition value in an ImageDescriptor structure in a GIF image. | |||
| CVE-2012-0277 | 0.04 | — | 0.08 | Jul 17, 2012 | Heap-based buffer overflow in XnView before 1.99 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PCT image. | |||
| CVE-2012-0276 | 0.04 | — | 0.08 | Jul 17, 2012 | Multiple heap-based buffer overflows in XnView before 1.99 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a (1) SGI32LogLum compressed TIFF image or (2) SGI32LogLum compressed TIFF image with the… | |||
| CVE-2010-1932 | 0.04 | — | 0.11 | Jun 16, 2010 | Heap-based buffer overflow in XnView 1.97.4 and possibly earlier allows remote attackers to execute arbitrary code via a MultiBitMap (MBM) file with a Paint Data Section that contains a malformed Encoding field. | |||
| CVE-2008-2427 | 0.04 | — | 0.16 | Jun 24, 2008 | Stack-based buffer overflow in NConvert 4.92, GFL SDK 2.82, and XnView 1.93.6 on Windows and 1.70 on Linux and FreeBSD allows user-assisted remote attackers to execute arbitrary code via a crafted format keyword in a Sun TAAC file. | |||
| CVE-2008-0069 | 0.04 | — | 0.08 | Apr 2, 2008 | Stack-based buffer overflow in XnView 1.92 and 1.92.1 allows user-assisted remote attackers to execute arbitrary code via a long FontName parameter in a slideshow (.sld) file, a different vector than CVE-2008-1461. | |||
| CVE-2008-1461 | 0.04 | — | 0.11 | Mar 24, 2008 | Buffer overflow in XnView 1.92.1 allows user-assisted remote attackers to execute arbitrary code via a long filename argument on the command line. NOTE: it is unclear whether there are common handler configurations in which this argument is controlled by an attacker. | |||
| CVE-2021-28835 | 0.00 | — | 0.00 | Aug 11, 2023 | Buffer Overflow vulnerability in XNView before 2.50, allows local attackers to execute arbitrary code via crafted GEM bitmap file. | |||
| CVE-2021-28427 | 0.00 | — | 0.00 | Aug 11, 2023 | Buffer Overflow vulnerability in XNView version 2.49.3, allows local attackers to execute arbitrary code via crafted TIFF file. | |||
| CVE-2020-23887 | 0.00 | — | 0.01 | Nov 10, 2021 | XnView MP v0.96.4 was discovered to contain a heap overflow which allows attackers to cause a denial of service (DoS) via a crafted ico file. Related to a Read Access Violation starting at USER32!SmartStretchDIBits+0x33. | |||
| CVE-2020-23886 | 0.00 | — | 0.01 | Nov 10, 2021 | XnView MP v0.96.4 was discovered to contain a heap overflow which allows attackers to cause a denial of service (DoS) via a crafted pict file. Related to a User Mode Write AV starting at ntdll!RtlpLowFragHeapFree. | |||
| CVE-2013-3493 | 0.00 | — | 0.02 | Jan 27, 2020 | XnView 2.03 has an integer overflow vulnerability | |||
| CVE-2013-3492 | 0.00 | — | 0.02 | Jan 27, 2020 | XnView 2.03 has a stack-based buffer overflow vulnerability | |||
| CVE-2013-3246 | 0.00 | — | 0.02 | Jan 2, 2020 | Stack-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted image layer in an XCF file. | |||
| CVE-2013-3247 | 0.00 | — | 0.02 | Jan 2, 2020 | Heap-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted RLE compressed layer in an XCF file. | |||
| CVE-2013-3937 | 0.00 | — | 0.02 | Jan 2, 2020 | Heap-based buffer overflow in xnview.exe in XnView before 2.13 allows remote attackers to execute arbitrary code via the biBitCount field in a BMP file. | |||
| CVE-2013-3939 | 0.00 | — | 0.02 | Jan 2, 2020 | xnview.exe in XnView before 2.13 does not properly handle RLE strip lengths during processing of RGB files, which allows remote attackers to execute arbitrary code via the RLE strip size field in a RGB file, which leads to an unexpected sign extension error and a heap-based… | |||
| CVE-2013-3941 | 0.00 | — | 0.03 | Jan 2, 2020 | Xjp2.dll in XnView before 2.13 allows remote attackers to execute arbitrary code via (1) the Csiz parameter in a SIZ marker, which triggers an incorrect memory allocation, or (2) the lqcd field in a QCD marker in a crafted JPEG2000 file, which leads to a heap-based buffer… | |||
| CVE-2019-9965 | 0.00 | — | 0.01 | Mar 24, 2019 | XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlReAllocateHeap. | |||
| CVE-2019-9964 | 0.00 | — | 0.01 | Mar 24, 2019 | XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlpNtMakeTemporaryKey. | |||
| CVE-2019-9963 | 0.00 | — | 0.01 | Mar 24, 2019 | XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlFreeHeap. | |||
| CVE-2019-9962 | 0.00 | — | 0.01 | Mar 24, 2019 | XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to VCRUNTIME140!memcpy. | |||
| CVE-2013-3938 | 0.00 | — | 0.04 | Mar 18, 2014 | Integer overflow in xnview.exe in XnView 2.13 allows remote attackers to execute arbitrary code via a large NUM_ELEMENTS field in an IFD_ENTRY structure in a JXR file, which triggers a heap-based buffer overflow. | |||
| CVE-2012-0685 | 0.00 | — | 0.04 | May 9, 2012 | Integer overflow in XnViewer (aka XnView) before 1.98.5 allows remote attackers to execute arbitrary code via a crafted file containing PSD record types, a different vulnerability than CVE-2012-0684. | |||
| CVE-2012-0684 | 0.00 | — | 0.04 | May 9, 2012 | Integer overflow in XnViewer (aka XnView) before 1.98.5 allows remote attackers to execute arbitrary code via a crafted file containing PSD record types, a different vulnerability than CVE-2012-0685. | |||
| CVE-2012-1051 | 0.00 | — | 0.03 | Feb 13, 2012 | Heap-based buffer overflow in Xjp2.dll in the JPEG2000 plug-in in XnView 1.98.5 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment. | |||
| CVE-2011-1338 | 0.00 | — | 0.00 | Jul 11, 2011 | Untrusted search path vulnerability in XnView before 1.98.1 allows local users to gain privileges via a Trojan horse .exe file in a folder selected by the "Open containing folder" menu item. | |||
| CVE-2009-4001 | 0.00 | — | 0.05 | Mar 15, 2010 | Integer overflow in XnView before 1.97.2 might allow remote attackers to execute arbitrary code via a DICOM image with crafted dimensions, leading to a heap-based buffer overflow. |
- risk 0.51cvss 7.8epss 0.00
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpLowFragHeapFree+0x00000000…
- risk 0.51cvss 7.8epss 0.00
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at GDI32!GenericEngineGetGlyphs+0x00000000000001…
- risk 0.51cvss 7.8epss 0.00
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV near NULL starting at ntdll_77df0000!RtlEnterCriticalSection+0x0000000000000012."
- risk 0.51cvss 7.8epss 0.00
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d."
- risk 0.51cvss 7.8epss 0.00
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV starting at xnview+0x000000000022bf8d."
- risk 0.51cvss 7.8epss 0.00
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV starting at xnview+0x000000000037a8aa."
- risk 0.51cvss 7.8epss 0.00
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV starting at ntdll_77df0000!RtlEnterCriticalSection+0x0000000000000012."
- risk 0.51cvss 7.8epss 0.00
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "Stack Buffer Overrun (/GS Exception) starting at ntdll_77df0000!RtlProcessFlsData+0x00000000000000b0."
- risk 0.51cvss 7.8epss 0.00
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "Read Access Violation on Control Flow starting at COMCTL32!CToolTipsMgr::s_ToolTipsWndProc+0x0000000000000032."
- risk 0.51cvss 7.8epss 0.00
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "Stack Buffer Overrun (/GS Exception) starting at ntdll_77df0000!LdrpInitializeNode+0x000000000000015b."
- risk 0.51cvss 7.8epss 0.00
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "Data Execution Prevention Violation starting at Unknown Symbol @ 0x00000000380a0500 called from…
- risk 0.51cvss 7.8epss 0.00
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV starting at ntdll_77df0000!RtlpWaitOnCriticalSection+0x0000000000000121."
- risk 0.51cvss 7.8epss 0.00
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV starting at ntdll_77df0000!RtlRbInsertNodeEx+0x000000000000002d."
- risk 0.51cvss 7.8epss 0.00
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "Data Execution Prevention Violation starting at Unknown Symbol @ 0x000000000c1b541c called from xnview+0x00000000003826ec."
- risk 0.51cvss 7.8epss 0.00
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "Data Execution Prevention Violation starting at Unknown Symbol @ 0x000000002f32332f called from…
- risk 0.51cvss 7.8epss 0.00
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV starting at ntdll_77df0000!RtlpCoalesceFreeBlocks+0x00000000000002e6."
- risk 0.51cvss 7.8epss 0.00
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV starting at msvcrt!_VEC_memzero+0x000000000000006a."
- risk 0.49cvss 7.5epss 0.00
XnConvert 1.82 contains a denial of service vulnerability in its registration code input field that allows attackers to crash the application. Attackers can generate a 9000-byte buffer of repeated characters and paste it into the registration code field to trigger an application…
- CVE-2007-2194Apr 24, 2007risk 0.05cvss —epss 0.19
Stack-based buffer overflow in XnView 1.90.3 allows user-assisted remote attackers to execute arbitrary code via a crafted XPM file with a long section string. NOTE: some of these details are obtained from third party information.
- CVE-2012-4988Jul 9, 2014risk 0.04cvss —epss 0.10
Heap-based buffer overflow in the xjpegls.dll (aka JLS, JPEG-LS, or JPEG lossless) format plugin in XnView 1.99 and 1.99.1 allows remote attackers to execute arbitrary code via a crafted JLS image file.
- CVE-2013-2577Aug 9, 2013risk 0.04cvss —epss 0.12
Buffer overflow in XnView before 2.04 allows remote attackers to execute arbitrary code via a crafted PCT file.
- CVE-2012-0282Jul 17, 2012risk 0.04cvss —epss 0.07
Heap-based buffer overflow in XnView before 1.99 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ImageLeftPosition value in an ImageDescriptor structure in a GIF image.
- CVE-2012-0277Jul 17, 2012risk 0.04cvss —epss 0.08
Heap-based buffer overflow in XnView before 1.99 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PCT image.
- CVE-2012-0276Jul 17, 2012risk 0.04cvss —epss 0.08
Multiple heap-based buffer overflows in XnView before 1.99 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a (1) SGI32LogLum compressed TIFF image or (2) SGI32LogLum compressed TIFF image with the…
- CVE-2010-1932Jun 16, 2010risk 0.04cvss —epss 0.11
Heap-based buffer overflow in XnView 1.97.4 and possibly earlier allows remote attackers to execute arbitrary code via a MultiBitMap (MBM) file with a Paint Data Section that contains a malformed Encoding field.
- CVE-2008-2427Jun 24, 2008risk 0.04cvss —epss 0.16
Stack-based buffer overflow in NConvert 4.92, GFL SDK 2.82, and XnView 1.93.6 on Windows and 1.70 on Linux and FreeBSD allows user-assisted remote attackers to execute arbitrary code via a crafted format keyword in a Sun TAAC file.
- CVE-2008-0069Apr 2, 2008risk 0.04cvss —epss 0.08
Stack-based buffer overflow in XnView 1.92 and 1.92.1 allows user-assisted remote attackers to execute arbitrary code via a long FontName parameter in a slideshow (.sld) file, a different vector than CVE-2008-1461.
- CVE-2008-1461Mar 24, 2008risk 0.04cvss —epss 0.11
Buffer overflow in XnView 1.92.1 allows user-assisted remote attackers to execute arbitrary code via a long filename argument on the command line. NOTE: it is unclear whether there are common handler configurations in which this argument is controlled by an attacker.
- CVE-2021-28835Aug 11, 2023risk 0.00cvss —epss 0.00
Buffer Overflow vulnerability in XNView before 2.50, allows local attackers to execute arbitrary code via crafted GEM bitmap file.
- CVE-2021-28427Aug 11, 2023risk 0.00cvss —epss 0.00
Buffer Overflow vulnerability in XNView version 2.49.3, allows local attackers to execute arbitrary code via crafted TIFF file.
- CVE-2020-23887Nov 10, 2021risk 0.00cvss —epss 0.01
XnView MP v0.96.4 was discovered to contain a heap overflow which allows attackers to cause a denial of service (DoS) via a crafted ico file. Related to a Read Access Violation starting at USER32!SmartStretchDIBits+0x33.
- CVE-2020-23886Nov 10, 2021risk 0.00cvss —epss 0.01
XnView MP v0.96.4 was discovered to contain a heap overflow which allows attackers to cause a denial of service (DoS) via a crafted pict file. Related to a User Mode Write AV starting at ntdll!RtlpLowFragHeapFree.
- CVE-2013-3493Jan 27, 2020risk 0.00cvss —epss 0.02
XnView 2.03 has an integer overflow vulnerability
- CVE-2013-3492Jan 27, 2020risk 0.00cvss —epss 0.02
XnView 2.03 has a stack-based buffer overflow vulnerability
- CVE-2013-3246Jan 2, 2020risk 0.00cvss —epss 0.02
Stack-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted image layer in an XCF file.
- CVE-2013-3247Jan 2, 2020risk 0.00cvss —epss 0.02
Heap-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted RLE compressed layer in an XCF file.
- CVE-2013-3937Jan 2, 2020risk 0.00cvss —epss 0.02
Heap-based buffer overflow in xnview.exe in XnView before 2.13 allows remote attackers to execute arbitrary code via the biBitCount field in a BMP file.
- CVE-2013-3939Jan 2, 2020risk 0.00cvss —epss 0.02
xnview.exe in XnView before 2.13 does not properly handle RLE strip lengths during processing of RGB files, which allows remote attackers to execute arbitrary code via the RLE strip size field in a RGB file, which leads to an unexpected sign extension error and a heap-based…
- CVE-2013-3941Jan 2, 2020risk 0.00cvss —epss 0.03
Xjp2.dll in XnView before 2.13 allows remote attackers to execute arbitrary code via (1) the Csiz parameter in a SIZ marker, which triggers an incorrect memory allocation, or (2) the lqcd field in a QCD marker in a crafted JPEG2000 file, which leads to a heap-based buffer…
- CVE-2019-9965Mar 24, 2019risk 0.00cvss —epss 0.01
XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlReAllocateHeap.
- CVE-2019-9964Mar 24, 2019risk 0.00cvss —epss 0.01
XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlpNtMakeTemporaryKey.
- CVE-2019-9963Mar 24, 2019risk 0.00cvss —epss 0.01
XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlFreeHeap.
- CVE-2019-9962Mar 24, 2019risk 0.00cvss —epss 0.01
XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to VCRUNTIME140!memcpy.
- CVE-2013-3938Mar 18, 2014risk 0.00cvss —epss 0.04
Integer overflow in xnview.exe in XnView 2.13 allows remote attackers to execute arbitrary code via a large NUM_ELEMENTS field in an IFD_ENTRY structure in a JXR file, which triggers a heap-based buffer overflow.
- CVE-2012-0685May 9, 2012risk 0.00cvss —epss 0.04
Integer overflow in XnViewer (aka XnView) before 1.98.5 allows remote attackers to execute arbitrary code via a crafted file containing PSD record types, a different vulnerability than CVE-2012-0684.
- CVE-2012-0684May 9, 2012risk 0.00cvss —epss 0.04
Integer overflow in XnViewer (aka XnView) before 1.98.5 allows remote attackers to execute arbitrary code via a crafted file containing PSD record types, a different vulnerability than CVE-2012-0685.
- CVE-2012-1051Feb 13, 2012risk 0.00cvss —epss 0.03
Heap-based buffer overflow in Xjp2.dll in the JPEG2000 plug-in in XnView 1.98.5 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment.
- CVE-2011-1338Jul 11, 2011risk 0.00cvss —epss 0.00
Untrusted search path vulnerability in XnView before 1.98.1 allows local users to gain privileges via a Trojan horse .exe file in a folder selected by the "Open containing folder" menu item.
- CVE-2009-4001Mar 15, 2010risk 0.00cvss —epss 0.05
Integer overflow in XnView before 1.97.2 might allow remote attackers to execute arbitrary code via a DICOM image with crafted dimensions, leading to a heap-based buffer overflow.
Page 3 of 3