CVE-2021-28835
https://notcve.org/view.php?id=CVE-2021-28835
Buffer Overflow vulnerability in XNView before 2.50, allows local attackers to execute arbitrary code via crafted GEM bitmap file. • https://newsgroup.xnview.com/viewtopic.php?f=35&t=44679 https://www.xnview.com/en/xnview/#changelog • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2017-14580
https://notcve.org/view.php?id=CVE-2017-14580
XnView Classic for Windows Version 2.41 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at jbig2dec+0x000000000000870f." XnView Classic para Windows en su versión 2.41 permite que los atacantes ejecuten código arbitrario o provoquen una denegación de servicio mediante un archivo .jb2 manipulado. Esta vulnerabilidad está relacionada con "User Mode Write AV starting at jbig2dec+0x000000000000870f". • https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14580 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •