Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
312 vulnerabilities found for XnView by XnView
CVE-2024-11950 (GCVE-0-2024-11950)
Vulnerability from cvelistv5 – Published: 2024-12-11 21:54 – Updated: 2024-12-12 15:47
VLAI
Title
XnSoft XnView Classic RWZ File Parsing Integer Underflow Remote Code Execution Vulnerability
Summary
XnSoft XnView Classic RWZ File Parsing Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of XnSoft XnView Classic. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of RWZ files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22913.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-191 - Integer Underflow (Wrap or Wraparound)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| XnSoft | XnView Classic |
Affected:
2.51.5
|
Date Public
2024-12-02 19:52
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11950",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-12T15:31:57.325557Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-12T15:47:33.176Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "XnView Classic",
"vendor": "XnSoft",
"versions": [
{
"status": "affected",
"version": "2.51.5"
}
]
}
],
"dateAssigned": "2024-11-27T23:40:42.496Z",
"datePublic": "2024-12-02T19:52:02.065Z",
"descriptions": [
{
"lang": "en",
"value": "XnSoft XnView Classic RWZ File Parsing Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of XnSoft XnView Classic. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\n\nThe specific flaw exists within the parsing of RWZ files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22913."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "CWE-191: Integer Underflow (Wrap or Wraparound)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-11T21:54:29.280Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1640",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1640/"
}
],
"source": {
"lang": "en",
"value": "Im Junhyuk, Jeong Soeun, Im Seongmin, Lee Jinhyeok, Hyun Chae-eul, Lee Hyungyu"
},
"title": "XnSoft XnView Classic RWZ File Parsing Integer Underflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-11950",
"datePublished": "2024-12-11T21:54:29.280Z",
"dateReserved": "2024-11-27T23:40:42.459Z",
"dateUpdated": "2024-12-12T15:47:33.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46587 (GCVE-0-2023-46587)
Vulnerability from cvelistv5 – Published: 2023-10-27 00:00 – Updated: 2024-09-12 20:09
VLAI
Summary
Buffer Overflow vulnerability in XnView Classic v.2.51.5 allows a local attacker to execute arbitrary code via a crafted TIF file.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
Assigner
References
1 reference
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:45:42.301Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/nasroabd/vulns/tree/main/XnView/2.51.5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46587",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T13:58:22.875751Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T20:09:18.753Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in XnView Classic v.2.51.5 allows a local attacker to execute arbitrary code via a crafted TIF file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-27T22:57:42.463Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/nasroabd/vulns/tree/main/XnView/2.51.5"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-46587",
"datePublished": "2023-10-27T00:00:00.000Z",
"dateReserved": "2023-10-23T00:00:00.000Z",
"dateUpdated": "2024-09-12T20:09:18.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28835 (GCVE-0-2021-28835)
Vulnerability from cvelistv5 – Published: 2023-08-11 00:00 – Updated: 2024-10-09 17:35
VLAI
Summary
Buffer Overflow vulnerability in XNView before 2.50, allows local attackers to execute arbitrary code via crafted GEM bitmap file.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:55:11.755Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.xnview.com/en/xnview/#changelog"
},
{
"tags": [
"x_transferred"
],
"url": "https://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=44679"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-28835",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T17:35:21.852571Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T17:35:30.049Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in XNView before 2.50, allows local attackers to execute arbitrary code via crafted GEM bitmap file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:N/S:U/UI:R",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-11T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.xnview.com/en/xnview/#changelog"
},
{
"url": "https://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=44679"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-28835",
"datePublished": "2023-08-11T00:00:00.000Z",
"dateReserved": "2021-03-19T00:00:00.000Z",
"dateUpdated": "2024-10-09T17:35:30.049Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28427 (GCVE-0-2021-28427)
Vulnerability from cvelistv5 – Published: 2023-08-11 00:00 – Updated: 2024-10-09 17:36
VLAI
Summary
Buffer Overflow vulnerability in XNView version 2.49.3, allows local attackers to execute arbitrary code via crafted TIFF file.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
Assigner
References
1 reference
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:40:14.233Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=41035"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-28427",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T17:36:39.400554Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T17:36:50.445Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in XNView version 2.49.3, allows local attackers to execute arbitrary code via crafted TIFF file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:N/S:U/UI:R",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-11T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=41035"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-28427",
"datePublished": "2023-08-11T00:00:00.000Z",
"dateReserved": "2021-03-15T00:00:00.000Z",
"dateUpdated": "2024-10-09T17:36:50.445Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3493 (GCVE-0-2013-3493)
Vulnerability from cvelistv5 – Published: 2020-01-27 14:26 – Updated: 2024-08-06 16:14
VLAI
Summary
XnView 2.03 has an integer overflow vulnerability
Severity
No CVSS data available.
CWE
- integer overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/61505 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61505"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "XnView",
"vendor": "XnView",
"versions": [
{
"status": "affected",
"version": "2.03"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XnView 2.03 has an integer overflow vulnerability"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "integer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-27T14:26:46.000Z",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/61505"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3493",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "XnView",
"version": {
"version_data": [
{
"version_value": "2.03"
}
]
}
}
]
},
"vendor_name": "XnView"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView 2.03 has an integer overflow vulnerability"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "integer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securityfocus.com/bid/61505",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/61505"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2013-3493",
"datePublished": "2020-01-27T14:26:46.000Z",
"dateReserved": "2013-05-07T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:14:56.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3492 (GCVE-0-2013-3492)
Vulnerability from cvelistv5 – Published: 2020-01-27 14:24 – Updated: 2024-08-06 16:14
VLAI
Summary
XnView 2.03 has a stack-based buffer overflow vulnerability
Severity
No CVSS data available.
CWE
- buffer overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/61503 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:55.806Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61503"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "XnView",
"vendor": "XnView",
"versions": [
{
"status": "affected",
"version": "2.03"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XnView 2.03 has a stack-based buffer overflow vulnerability"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-27T14:24:40.000Z",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/61503"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3492",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "XnView",
"version": {
"version_data": [
{
"version_value": "2.03"
}
]
}
}
]
},
"vendor_name": "XnView"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView 2.03 has a stack-based buffer overflow vulnerability"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securityfocus.com/bid/61503",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/61503"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2013-3492",
"datePublished": "2020-01-27T14:24:40.000Z",
"dateReserved": "2013-05-07T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:14:55.806Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3246 (GCVE-0-2013-3246)
Vulnerability from cvelistv5 – Published: 2020-01-02 19:38 – Updated: 2024-08-06 16:00
VLAI
Summary
Stack-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted image layer in an XCF file.
Severity
No CVSS data available.
CWE
- Buffer Overflow
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.fuzzmyapp.com/advisories/FMA-2013-003/… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | x_refsource_MISC |
Date Public
2013-06-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:00:10.106Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.fuzzmyapp.com/advisories/FMA-2013-003/FMA-2013-003-EN.xml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84643"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "XnView",
"vendor": "XnView",
"versions": [
{
"status": "affected",
"version": "before 2.03"
}
]
}
],
"datePublic": "2013-06-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted image layer in an XCF file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-02T19:38:44.000Z",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.fuzzmyapp.com/advisories/FMA-2013-003/FMA-2013-003-EN.xml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84643"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3246",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "XnView",
"version": {
"version_data": [
{
"version_value": "before 2.03"
}
]
}
}
]
},
"vendor_name": "XnView"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted image layer in an XCF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.fuzzmyapp.com/advisories/FMA-2013-003/FMA-2013-003-EN.xml",
"refsource": "MISC",
"url": "http://www.fuzzmyapp.com/advisories/FMA-2013-003/FMA-2013-003-EN.xml"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84643",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84643"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2013-3246",
"datePublished": "2020-01-02T19:38:44.000Z",
"dateReserved": "2013-04-22T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:00:10.106Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3247 (GCVE-0-2013-3247)
Vulnerability from cvelistv5 – Published: 2020-01-02 19:38 – Updated: 2024-08-06 16:00
VLAI
Summary
Heap-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted RLE compressed layer in an XCF file.
Severity
No CVSS data available.
CWE
- Buffer Overflow
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.fuzzmyapp.com/advisories/FMA-2013-003/… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | x_refsource_MISC |
Date Public
2013-06-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:00:10.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.fuzzmyapp.com/advisories/FMA-2013-003/FMA-2013-003-EN.xml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84642"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "XnView",
"vendor": "XnView",
"versions": [
{
"status": "affected",
"version": "before 2.03"
}
]
}
],
"datePublic": "2013-06-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted RLE compressed layer in an XCF file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-02T19:38:36.000Z",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.fuzzmyapp.com/advisories/FMA-2013-003/FMA-2013-003-EN.xml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84642"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3247",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "XnView",
"version": {
"version_data": [
{
"version_value": "before 2.03"
}
]
}
}
]
},
"vendor_name": "XnView"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted RLE compressed layer in an XCF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.fuzzmyapp.com/advisories/FMA-2013-003/FMA-2013-003-EN.xml",
"refsource": "MISC",
"url": "http://www.fuzzmyapp.com/advisories/FMA-2013-003/FMA-2013-003-EN.xml"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84642",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84642"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2013-3247",
"datePublished": "2020-01-02T19:38:36.000Z",
"dateReserved": "2013-04-22T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:00:10.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3937 (GCVE-0-2013-3937)
Vulnerability from cvelistv5 – Published: 2020-01-02 19:11 – Updated: 2024-08-06 16:30
VLAI
Summary
Heap-based buffer overflow in xnview.exe in XnView before 2.13 allows remote attackers to execute arbitrary code via the biBitCount field in a BMP file.
Severity
No CVSS data available.
CWE
- Buffer Overflow
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/52101 | third-party-advisoryx_refsource_SECUNIA |
| http://newsgroup.xnview.com/viewtopic.php?f=35&t=29087 | x_refsource_CONFIRM |
Date Public
2013-12-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:48.910Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "52101",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52101"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=29087"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "XnView",
"vendor": "XnView",
"versions": [
{
"status": "affected",
"version": "before 2.13"
}
]
}
],
"datePublic": "2013-12-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in xnview.exe in XnView before 2.13 allows remote attackers to execute arbitrary code via the biBitCount field in a BMP file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-02T19:11:47.000Z",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "52101",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52101"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=29087"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3937",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "XnView",
"version": {
"version_data": [
{
"version_value": "before 2.13"
}
]
}
}
]
},
"vendor_name": "XnView"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in xnview.exe in XnView before 2.13 allows remote attackers to execute arbitrary code via the biBitCount field in a BMP file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "52101",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52101"
},
{
"name": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=29087",
"refsource": "CONFIRM",
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=29087"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2013-3937",
"datePublished": "2020-01-02T19:11:47.000Z",
"dateReserved": "2013-06-04T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:30:48.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3939 (GCVE-0-2013-3939)
Vulnerability from cvelistv5 – Published: 2020-01-02 19:11 – Updated: 2024-08-06 16:30
VLAI
Summary
xnview.exe in XnView before 2.13 does not properly handle RLE strip lengths during processing of RGB files, which allows remote attackers to execute arbitrary code via the RLE strip size field in a RGB file, which leads to an unexpected sign extension error and a heap-based buffer overflow.
Severity
No CVSS data available.
CWE
- Other
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/52101 | third-party-advisoryx_refsource_SECUNIA |
| http://newsgroup.xnview.com/viewtopic.php?f=35&t=29087 | x_refsource_CONFIRM |
Date Public
2013-12-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:48.182Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "52101",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52101"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=29087"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "XnView",
"vendor": "XnView",
"versions": [
{
"status": "affected",
"version": "before 2.13"
}
]
}
],
"datePublic": "2013-12-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "xnview.exe in XnView before 2.13 does not properly handle RLE strip lengths during processing of RGB files, which allows remote attackers to execute arbitrary code via the RLE strip size field in a RGB file, which leads to an unexpected sign extension error and a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-02T19:11:43.000Z",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "52101",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52101"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=29087"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3939",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "XnView",
"version": {
"version_data": [
{
"version_value": "before 2.13"
}
]
}
}
]
},
"vendor_name": "XnView"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "xnview.exe in XnView before 2.13 does not properly handle RLE strip lengths during processing of RGB files, which allows remote attackers to execute arbitrary code via the RLE strip size field in a RGB file, which leads to an unexpected sign extension error and a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "52101",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52101"
},
{
"name": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=29087",
"refsource": "CONFIRM",
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=29087"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2013-3939",
"datePublished": "2020-01-02T19:11:43.000Z",
"dateReserved": "2013-06-04T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:30:48.182Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3941 (GCVE-0-2013-3941)
Vulnerability from cvelistv5 – Published: 2020-01-02 19:11 – Updated: 2024-08-06 16:30
VLAI
Summary
Xjp2.dll in XnView before 2.13 allows remote attackers to execute arbitrary code via (1) the Csiz parameter in a SIZ marker, which triggers an incorrect memory allocation, or (2) the lqcd field in a QCD marker in a crafted JPEG2000 file, which leads to a heap-based buffer overflow.
Severity
No CVSS data available.
CWE
- Buffer Overflow
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://newsgroup.xnview.com/viewtopic.php?f=35&t=29087 | x_refsource_MISC |
| http://secunia.com/advisories/52101 | x_refsource_MISC |
Date Public
2013-12-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:48.222Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=29087"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/advisories/52101"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "XnView",
"vendor": "XnView",
"versions": [
{
"status": "affected",
"version": "before 2.13"
}
]
}
],
"datePublic": "2013-12-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Xjp2.dll in XnView before 2.13 allows remote attackers to execute arbitrary code via (1) the Csiz parameter in a SIZ marker, which triggers an incorrect memory allocation, or (2) the lqcd field in a QCD marker in a crafted JPEG2000 file, which leads to a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-02T19:11:40.000Z",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=29087"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/advisories/52101"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3941",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "XnView",
"version": {
"version_data": [
{
"version_value": "before 2.13"
}
]
}
}
]
},
"vendor_name": "XnView"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Xjp2.dll in XnView before 2.13 allows remote attackers to execute arbitrary code via (1) the Csiz parameter in a SIZ marker, which triggers an incorrect memory allocation, or (2) the lqcd field in a QCD marker in a crafted JPEG2000 file, which leads to a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=29087",
"refsource": "MISC",
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=29087"
},
{
"name": "http://secunia.com/advisories/52101",
"refsource": "MISC",
"url": "http://secunia.com/advisories/52101"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2013-3941",
"datePublished": "2020-01-02T19:11:40.000Z",
"dateReserved": "2013-06-04T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:30:48.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17262 (GCVE-0-2019-17262)
Vulnerability from cvelistv5 – Published: 2019-10-08 11:16 – Updated: 2024-08-05 01:33
VLAI
Summary
XnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0000000000001fc0.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.xnview.com/en/xnview/#changelog | x_refsource_MISC |
| https://github.com/linhlhq/research/blob/master/R… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:33:17.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.xnview.com/en/xnview/#changelog"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/linhlhq/research/blob/master/README.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0000000000001fc0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-08T11:16:26.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.xnview.com/en/xnview/#changelog"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/linhlhq/research/blob/master/README.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17262",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0000000000001fc0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.xnview.com/en/xnview/#changelog",
"refsource": "MISC",
"url": "https://www.xnview.com/en/xnview/#changelog"
},
{
"name": "https://github.com/linhlhq/research/blob/master/README.md",
"refsource": "MISC",
"url": "https://github.com/linhlhq/research/blob/master/README.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-17262",
"datePublished": "2019-10-08T11:16:26.000Z",
"dateReserved": "2019-10-06T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:33:17.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17261 (GCVE-0-2019-17261)
Vulnerability from cvelistv5 – Published: 2019-10-08 11:16 – Updated: 2024-08-05 01:33
VLAI
Summary
XnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0000000000001e51.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.xnview.com/en/xnview/#changelog | x_refsource_MISC |
| https://github.com/linhlhq/research/blob/master/R… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:33:17.367Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.xnview.com/en/xnview/#changelog"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/linhlhq/research/blob/master/README.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0000000000001e51."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-08T11:16:04.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.xnview.com/en/xnview/#changelog"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/linhlhq/research/blob/master/README.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17261",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0000000000001e51."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.xnview.com/en/xnview/#changelog",
"refsource": "MISC",
"url": "https://www.xnview.com/en/xnview/#changelog"
},
{
"name": "https://github.com/linhlhq/research/blob/master/README.md",
"refsource": "MISC",
"url": "https://github.com/linhlhq/research/blob/master/README.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-17261",
"datePublished": "2019-10-08T11:16:04.000Z",
"dateReserved": "2019-10-06T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:33:17.367Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13262 (GCVE-0-2019-13262)
Vulnerability from cvelistv5 – Published: 2019-07-04 15:07 – Updated: 2024-08-04 23:49
VLAI
Summary
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x00000000003283eb.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/apriorit/pentesting/blob/maste… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:23.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x00000000003283eb.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x00000000003283eb."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-04T15:07:13.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x00000000003283eb.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13262",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x00000000003283eb."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x00000000003283eb.md",
"refsource": "MISC",
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x00000000003283eb.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13262",
"datePublished": "2019-07-04T15:07:13.000Z",
"dateReserved": "2019-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:49:23.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13261 (GCVE-0-2019-13261)
Vulnerability from cvelistv5 – Published: 2019-07-04 15:07 – Updated: 2024-08-04 23:49
VLAI
Summary
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000328384.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/apriorit/pentesting/blob/maste… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:24.421Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000328384.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000328384."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-04T15:07:05.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000328384.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13261",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000328384."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000328384.md",
"refsource": "MISC",
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000328384.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13261",
"datePublished": "2019-07-04T15:07:05.000Z",
"dateReserved": "2019-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:49:24.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11950 (GCVE-0-2024-11950)
Vulnerability from nvd – Published: 2024-12-11 21:54 – Updated: 2024-12-12 15:47
VLAI
Title
XnSoft XnView Classic RWZ File Parsing Integer Underflow Remote Code Execution Vulnerability
Summary
XnSoft XnView Classic RWZ File Parsing Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of XnSoft XnView Classic. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of RWZ files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22913.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-191 - Integer Underflow (Wrap or Wraparound)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| XnSoft | XnView Classic |
Affected:
2.51.5
|
Date Public
2024-12-02 19:52
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11950",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-12T15:31:57.325557Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-12T15:47:33.176Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "XnView Classic",
"vendor": "XnSoft",
"versions": [
{
"status": "affected",
"version": "2.51.5"
}
]
}
],
"dateAssigned": "2024-11-27T23:40:42.496Z",
"datePublic": "2024-12-02T19:52:02.065Z",
"descriptions": [
{
"lang": "en",
"value": "XnSoft XnView Classic RWZ File Parsing Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of XnSoft XnView Classic. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\n\nThe specific flaw exists within the parsing of RWZ files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22913."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "CWE-191: Integer Underflow (Wrap or Wraparound)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-11T21:54:29.280Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1640",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1640/"
}
],
"source": {
"lang": "en",
"value": "Im Junhyuk, Jeong Soeun, Im Seongmin, Lee Jinhyeok, Hyun Chae-eul, Lee Hyungyu"
},
"title": "XnSoft XnView Classic RWZ File Parsing Integer Underflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-11950",
"datePublished": "2024-12-11T21:54:29.280Z",
"dateReserved": "2024-11-27T23:40:42.459Z",
"dateUpdated": "2024-12-12T15:47:33.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46587 (GCVE-0-2023-46587)
Vulnerability from nvd – Published: 2023-10-27 00:00 – Updated: 2024-09-12 20:09
VLAI
Summary
Buffer Overflow vulnerability in XnView Classic v.2.51.5 allows a local attacker to execute arbitrary code via a crafted TIF file.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
Assigner
References
1 reference
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:45:42.301Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/nasroabd/vulns/tree/main/XnView/2.51.5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46587",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T13:58:22.875751Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T20:09:18.753Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in XnView Classic v.2.51.5 allows a local attacker to execute arbitrary code via a crafted TIF file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-27T22:57:42.463Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/nasroabd/vulns/tree/main/XnView/2.51.5"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-46587",
"datePublished": "2023-10-27T00:00:00.000Z",
"dateReserved": "2023-10-23T00:00:00.000Z",
"dateUpdated": "2024-09-12T20:09:18.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28835 (GCVE-0-2021-28835)
Vulnerability from nvd – Published: 2023-08-11 00:00 – Updated: 2024-10-09 17:35
VLAI
Summary
Buffer Overflow vulnerability in XNView before 2.50, allows local attackers to execute arbitrary code via crafted GEM bitmap file.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:55:11.755Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.xnview.com/en/xnview/#changelog"
},
{
"tags": [
"x_transferred"
],
"url": "https://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=44679"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-28835",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T17:35:21.852571Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T17:35:30.049Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in XNView before 2.50, allows local attackers to execute arbitrary code via crafted GEM bitmap file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:N/S:U/UI:R",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-11T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.xnview.com/en/xnview/#changelog"
},
{
"url": "https://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=44679"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-28835",
"datePublished": "2023-08-11T00:00:00.000Z",
"dateReserved": "2021-03-19T00:00:00.000Z",
"dateUpdated": "2024-10-09T17:35:30.049Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28427 (GCVE-0-2021-28427)
Vulnerability from nvd – Published: 2023-08-11 00:00 – Updated: 2024-10-09 17:36
VLAI
Summary
Buffer Overflow vulnerability in XNView version 2.49.3, allows local attackers to execute arbitrary code via crafted TIFF file.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
Assigner
References
1 reference
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:40:14.233Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=41035"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-28427",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T17:36:39.400554Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T17:36:50.445Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in XNView version 2.49.3, allows local attackers to execute arbitrary code via crafted TIFF file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:N/S:U/UI:R",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-11T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=41035"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-28427",
"datePublished": "2023-08-11T00:00:00.000Z",
"dateReserved": "2021-03-15T00:00:00.000Z",
"dateUpdated": "2024-10-09T17:36:50.445Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3493 (GCVE-0-2013-3493)
Vulnerability from nvd – Published: 2020-01-27 14:26 – Updated: 2024-08-06 16:14
VLAI
Summary
XnView 2.03 has an integer overflow vulnerability
Severity
No CVSS data available.
CWE
- integer overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/61505 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61505"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "XnView",
"vendor": "XnView",
"versions": [
{
"status": "affected",
"version": "2.03"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XnView 2.03 has an integer overflow vulnerability"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "integer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-27T14:26:46.000Z",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/61505"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3493",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "XnView",
"version": {
"version_data": [
{
"version_value": "2.03"
}
]
}
}
]
},
"vendor_name": "XnView"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView 2.03 has an integer overflow vulnerability"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "integer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securityfocus.com/bid/61505",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/61505"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2013-3493",
"datePublished": "2020-01-27T14:26:46.000Z",
"dateReserved": "2013-05-07T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:14:56.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3492 (GCVE-0-2013-3492)
Vulnerability from nvd – Published: 2020-01-27 14:24 – Updated: 2024-08-06 16:14
VLAI
Summary
XnView 2.03 has a stack-based buffer overflow vulnerability
Severity
No CVSS data available.
CWE
- buffer overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/61503 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:55.806Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61503"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "XnView",
"vendor": "XnView",
"versions": [
{
"status": "affected",
"version": "2.03"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XnView 2.03 has a stack-based buffer overflow vulnerability"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-27T14:24:40.000Z",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/61503"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3492",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "XnView",
"version": {
"version_data": [
{
"version_value": "2.03"
}
]
}
}
]
},
"vendor_name": "XnView"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView 2.03 has a stack-based buffer overflow vulnerability"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securityfocus.com/bid/61503",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/61503"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2013-3492",
"datePublished": "2020-01-27T14:24:40.000Z",
"dateReserved": "2013-05-07T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:14:55.806Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3246 (GCVE-0-2013-3246)
Vulnerability from nvd – Published: 2020-01-02 19:38 – Updated: 2024-08-06 16:00
VLAI
Summary
Stack-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted image layer in an XCF file.
Severity
No CVSS data available.
CWE
- Buffer Overflow
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.fuzzmyapp.com/advisories/FMA-2013-003/… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | x_refsource_MISC |
Date Public
2013-06-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:00:10.106Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.fuzzmyapp.com/advisories/FMA-2013-003/FMA-2013-003-EN.xml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84643"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "XnView",
"vendor": "XnView",
"versions": [
{
"status": "affected",
"version": "before 2.03"
}
]
}
],
"datePublic": "2013-06-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted image layer in an XCF file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-02T19:38:44.000Z",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.fuzzmyapp.com/advisories/FMA-2013-003/FMA-2013-003-EN.xml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84643"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3246",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "XnView",
"version": {
"version_data": [
{
"version_value": "before 2.03"
}
]
}
}
]
},
"vendor_name": "XnView"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted image layer in an XCF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.fuzzmyapp.com/advisories/FMA-2013-003/FMA-2013-003-EN.xml",
"refsource": "MISC",
"url": "http://www.fuzzmyapp.com/advisories/FMA-2013-003/FMA-2013-003-EN.xml"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84643",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84643"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2013-3246",
"datePublished": "2020-01-02T19:38:44.000Z",
"dateReserved": "2013-04-22T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:00:10.106Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3247 (GCVE-0-2013-3247)
Vulnerability from nvd – Published: 2020-01-02 19:38 – Updated: 2024-08-06 16:00
VLAI
Summary
Heap-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted RLE compressed layer in an XCF file.
Severity
No CVSS data available.
CWE
- Buffer Overflow
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.fuzzmyapp.com/advisories/FMA-2013-003/… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | x_refsource_MISC |
Date Public
2013-06-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:00:10.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.fuzzmyapp.com/advisories/FMA-2013-003/FMA-2013-003-EN.xml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84642"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "XnView",
"vendor": "XnView",
"versions": [
{
"status": "affected",
"version": "before 2.03"
}
]
}
],
"datePublic": "2013-06-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted RLE compressed layer in an XCF file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-02T19:38:36.000Z",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.fuzzmyapp.com/advisories/FMA-2013-003/FMA-2013-003-EN.xml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84642"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3247",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "XnView",
"version": {
"version_data": [
{
"version_value": "before 2.03"
}
]
}
}
]
},
"vendor_name": "XnView"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted RLE compressed layer in an XCF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.fuzzmyapp.com/advisories/FMA-2013-003/FMA-2013-003-EN.xml",
"refsource": "MISC",
"url": "http://www.fuzzmyapp.com/advisories/FMA-2013-003/FMA-2013-003-EN.xml"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84642",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84642"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2013-3247",
"datePublished": "2020-01-02T19:38:36.000Z",
"dateReserved": "2013-04-22T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:00:10.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3937 (GCVE-0-2013-3937)
Vulnerability from nvd – Published: 2020-01-02 19:11 – Updated: 2024-08-06 16:30
VLAI
Summary
Heap-based buffer overflow in xnview.exe in XnView before 2.13 allows remote attackers to execute arbitrary code via the biBitCount field in a BMP file.
Severity
No CVSS data available.
CWE
- Buffer Overflow
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/52101 | third-party-advisoryx_refsource_SECUNIA |
| http://newsgroup.xnview.com/viewtopic.php?f=35&t=29087 | x_refsource_CONFIRM |
Date Public
2013-12-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:48.910Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "52101",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52101"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=29087"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "XnView",
"vendor": "XnView",
"versions": [
{
"status": "affected",
"version": "before 2.13"
}
]
}
],
"datePublic": "2013-12-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in xnview.exe in XnView before 2.13 allows remote attackers to execute arbitrary code via the biBitCount field in a BMP file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-02T19:11:47.000Z",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "52101",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52101"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=29087"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3937",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "XnView",
"version": {
"version_data": [
{
"version_value": "before 2.13"
}
]
}
}
]
},
"vendor_name": "XnView"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in xnview.exe in XnView before 2.13 allows remote attackers to execute arbitrary code via the biBitCount field in a BMP file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "52101",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52101"
},
{
"name": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=29087",
"refsource": "CONFIRM",
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=29087"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2013-3937",
"datePublished": "2020-01-02T19:11:47.000Z",
"dateReserved": "2013-06-04T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:30:48.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3939 (GCVE-0-2013-3939)
Vulnerability from nvd – Published: 2020-01-02 19:11 – Updated: 2024-08-06 16:30
VLAI
Summary
xnview.exe in XnView before 2.13 does not properly handle RLE strip lengths during processing of RGB files, which allows remote attackers to execute arbitrary code via the RLE strip size field in a RGB file, which leads to an unexpected sign extension error and a heap-based buffer overflow.
Severity
No CVSS data available.
CWE
- Other
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/52101 | third-party-advisoryx_refsource_SECUNIA |
| http://newsgroup.xnview.com/viewtopic.php?f=35&t=29087 | x_refsource_CONFIRM |
Date Public
2013-12-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:48.182Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "52101",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52101"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=29087"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "XnView",
"vendor": "XnView",
"versions": [
{
"status": "affected",
"version": "before 2.13"
}
]
}
],
"datePublic": "2013-12-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "xnview.exe in XnView before 2.13 does not properly handle RLE strip lengths during processing of RGB files, which allows remote attackers to execute arbitrary code via the RLE strip size field in a RGB file, which leads to an unexpected sign extension error and a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-02T19:11:43.000Z",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "52101",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52101"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=29087"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3939",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "XnView",
"version": {
"version_data": [
{
"version_value": "before 2.13"
}
]
}
}
]
},
"vendor_name": "XnView"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "xnview.exe in XnView before 2.13 does not properly handle RLE strip lengths during processing of RGB files, which allows remote attackers to execute arbitrary code via the RLE strip size field in a RGB file, which leads to an unexpected sign extension error and a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "52101",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52101"
},
{
"name": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=29087",
"refsource": "CONFIRM",
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=29087"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2013-3939",
"datePublished": "2020-01-02T19:11:43.000Z",
"dateReserved": "2013-06-04T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:30:48.182Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3941 (GCVE-0-2013-3941)
Vulnerability from nvd – Published: 2020-01-02 19:11 – Updated: 2024-08-06 16:30
VLAI
Summary
Xjp2.dll in XnView before 2.13 allows remote attackers to execute arbitrary code via (1) the Csiz parameter in a SIZ marker, which triggers an incorrect memory allocation, or (2) the lqcd field in a QCD marker in a crafted JPEG2000 file, which leads to a heap-based buffer overflow.
Severity
No CVSS data available.
CWE
- Buffer Overflow
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://newsgroup.xnview.com/viewtopic.php?f=35&t=29087 | x_refsource_MISC |
| http://secunia.com/advisories/52101 | x_refsource_MISC |
Date Public
2013-12-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:48.222Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=29087"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/advisories/52101"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "XnView",
"vendor": "XnView",
"versions": [
{
"status": "affected",
"version": "before 2.13"
}
]
}
],
"datePublic": "2013-12-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Xjp2.dll in XnView before 2.13 allows remote attackers to execute arbitrary code via (1) the Csiz parameter in a SIZ marker, which triggers an incorrect memory allocation, or (2) the lqcd field in a QCD marker in a crafted JPEG2000 file, which leads to a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-02T19:11:40.000Z",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=29087"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/advisories/52101"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3941",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "XnView",
"version": {
"version_data": [
{
"version_value": "before 2.13"
}
]
}
}
]
},
"vendor_name": "XnView"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Xjp2.dll in XnView before 2.13 allows remote attackers to execute arbitrary code via (1) the Csiz parameter in a SIZ marker, which triggers an incorrect memory allocation, or (2) the lqcd field in a QCD marker in a crafted JPEG2000 file, which leads to a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=29087",
"refsource": "MISC",
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=29087"
},
{
"name": "http://secunia.com/advisories/52101",
"refsource": "MISC",
"url": "http://secunia.com/advisories/52101"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2013-3941",
"datePublished": "2020-01-02T19:11:40.000Z",
"dateReserved": "2013-06-04T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:30:48.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17262 (GCVE-0-2019-17262)
Vulnerability from nvd – Published: 2019-10-08 11:16 – Updated: 2024-08-05 01:33
VLAI
Summary
XnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0000000000001fc0.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.xnview.com/en/xnview/#changelog | x_refsource_MISC |
| https://github.com/linhlhq/research/blob/master/R… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:33:17.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.xnview.com/en/xnview/#changelog"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/linhlhq/research/blob/master/README.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0000000000001fc0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-08T11:16:26.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.xnview.com/en/xnview/#changelog"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/linhlhq/research/blob/master/README.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17262",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0000000000001fc0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.xnview.com/en/xnview/#changelog",
"refsource": "MISC",
"url": "https://www.xnview.com/en/xnview/#changelog"
},
{
"name": "https://github.com/linhlhq/research/blob/master/README.md",
"refsource": "MISC",
"url": "https://github.com/linhlhq/research/blob/master/README.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-17262",
"datePublished": "2019-10-08T11:16:26.000Z",
"dateReserved": "2019-10-06T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:33:17.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17261 (GCVE-0-2019-17261)
Vulnerability from nvd – Published: 2019-10-08 11:16 – Updated: 2024-08-05 01:33
VLAI
Summary
XnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0000000000001e51.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.xnview.com/en/xnview/#changelog | x_refsource_MISC |
| https://github.com/linhlhq/research/blob/master/R… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:33:17.367Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.xnview.com/en/xnview/#changelog"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/linhlhq/research/blob/master/README.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0000000000001e51."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-08T11:16:04.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.xnview.com/en/xnview/#changelog"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/linhlhq/research/blob/master/README.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17261",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0000000000001e51."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.xnview.com/en/xnview/#changelog",
"refsource": "MISC",
"url": "https://www.xnview.com/en/xnview/#changelog"
},
{
"name": "https://github.com/linhlhq/research/blob/master/README.md",
"refsource": "MISC",
"url": "https://github.com/linhlhq/research/blob/master/README.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-17261",
"datePublished": "2019-10-08T11:16:04.000Z",
"dateReserved": "2019-10-06T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:33:17.367Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13262 (GCVE-0-2019-13262)
Vulnerability from nvd – Published: 2019-07-04 15:07 – Updated: 2024-08-04 23:49
VLAI
Summary
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x00000000003283eb.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/apriorit/pentesting/blob/maste… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:23.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x00000000003283eb.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x00000000003283eb."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-04T15:07:13.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x00000000003283eb.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13262",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x00000000003283eb."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x00000000003283eb.md",
"refsource": "MISC",
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x00000000003283eb.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13262",
"datePublished": "2019-07-04T15:07:13.000Z",
"dateReserved": "2019-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:49:23.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13261 (GCVE-0-2019-13261)
Vulnerability from nvd – Published: 2019-07-04 15:07 – Updated: 2024-08-04 23:49
VLAI
Summary
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000328384.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/apriorit/pentesting/blob/maste… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:24.421Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000328384.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000328384."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-04T15:07:05.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000328384.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13261",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000328384."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000328384.md",
"refsource": "MISC",
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000328384.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13261",
"datePublished": "2019-07-04T15:07:05.000Z",
"dateReserved": "2019-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:49:24.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}