CVE-2023-43250 – XNSoft Nconvert 7.136 Buffer Overflow / Denial Of Service
https://notcve.org/view.php?id=CVE-2023-43250
XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow. There is a User Mode Write AV via a crafted image file. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution. • http://packetstormsecurity.com/files/175145/XNSoft-Nconvert-7.136-Buffer-Overflow-Denial-Of-Service.html http://seclists.org/fulldisclosure/2023/Oct/15 https://github.com/mrtouch93/exploits/tree/main/NConvert7.136/User%20Mode%20Write%20AV https://www.xnview.com/en/nconvert • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-28835
https://notcve.org/view.php?id=CVE-2021-28835
Buffer Overflow vulnerability in XNView before 2.50 allows local attackers to execute arbitrary code via a crafted GEM bitmap file. • https://newsgroup.xnview.com/viewtopic.php?f=35&t=44679 https://www.xnview.com/en/xnview/#changelog • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-28427
https://notcve.org/view.php?id=CVE-2021-28427
Buffer Overflow vulnerability in XNView version 2.49.3 allows local attackers to execute arbitrary code via a crafted TIFF file. • https://newsgroup.xnview.com/viewtopic.php?f=35&t=41035 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-23887
https://notcve.org/view.php?id=CVE-2020-23887
XnView MP v0.96.4 was discovered to contain a heap overflow which allows attackers to cause a denial of service (DoS) via a crafted ico file. Related to a Read Access Violation starting at USER32!SmartStretchDIBits+0x33. • https://github.com/Aurorainfinity/vulnerabilities/tree/master/xnviewmp https://www.xnview.com/en/xnviewmp • CWE-787: Out-of-bounds Write
CVE-2020-23886
https://notcve.org/view.php?id=CVE-2020-23886
XnView MP v0.96.4 was discovered to contain a heap overflow which allows attackers to cause a denial of service (DoS) via a crafted pict file. Related to a User Mode Write AV starting at ntdll!RtlpLowFragHeapFree. • https://cwe.mitre.org/data/definitions/122.html https://github.com/Aurorainfinity/vulnerabilities/tree/master/xnviewmp https://www.xnview.com/en/xnviewmp • CWE-787: Out-of-bounds Write