CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-28835
https://notcve.org/view.php?id=CVE-2021-28835
Buffer Overflow vulnerability in XNView before 2.50, allows local attackers to execute arbitrary code via crafted GEM bitmap file. • https://newsgroup.xnview.com/viewtopic.php?f=35&t=44679 https://www.xnview.com/en/xnview/#changelog • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-14538
https://notcve.org/view.php?id=CVE-2017-14538
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at jbig2dec+0x0000000000008823." XnView Classic para Windows en su versión 2.40 permite que los atacantes ejecuten código arbitrario o provoquen una denegación de servicio mediante un archivo .jb2 manipulado. Esta vulnerabilidad está relacionada con "Data from Faulting Address controls subsequent Write Address starting at jbig2dec+0x0000000000008823". • https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14538 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-14541
https://notcve.org/view.php?id=CVE-2017-14541
XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .svg file, related to "Data from Faulting Address controls Branch Selection starting at CADImage+0x000000000001f23e." XnView Classic para Windows en su versión 2.40 permite que los atacantes provoquen una denegación de servicio o, posiblemente, otro impacto sin especificar mediante un archivo .svg manipulado. Esta vulnerabilidad está relacionada con Data from Faulting Address controls Branch Selection starting at CADImage+0x000000000001f23e". • https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14541 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-14270
https://notcve.org/view.php?id=CVE-2017-14270
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at ntdll_77400000!RtlFillMemoryUlong+0x0000000000000010." XnView Classic 2.40 para Windows permite que los atacantes ejecuten código arbitrario o provoquen una denegación de servicio mediante un archivo .jb2 manipulado, relacionado con "User Mode Write AV comenzando en ntdll_77400000!RtlFillMemoryUlong+0x0000000000000010". • https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14270 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-14280
https://notcve.org/view.php?id=CVE-2017-14280
XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at jbig2dec+0x000000000000571d." XnView Classic 2.40 para Windows permite que los atacantes provoquen una denegación de servicio o, posiblemente, otro impacto sin especificar mediante un archivo .jb2 manipulado, relacionado con "Data from Faulting Address controls Branch Selection comenzando en jbig2dec+0x000000000000571d". • https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14280 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •