CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-9909
https://notcve.org/view.php?id=CVE-2017-9909
XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlAddAccessAllowedAce+0x000000000000027a." XnView Classic para Windows en su versión 2.40 permite a un atacante remoto causar una denegación de servicio o posiblemente tener otro impacto no especificado mediante un archivo .fpx manipulado, relacionado a "Data from Faulting Address controls Branch Selection comenzado en ntdll_77df0000!RtlAddAccessAllowedAce+0x000000000000027a." • https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9909 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-10746
https://notcve.org/view.php?id=CVE-2017-10746
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV starting at ntdll_77df0000!RtlEnterCriticalSection+0x0000000000000012." XnView Classic para Windows versión 2.40, permite a los atacantes ejecutar código arbitrario o causar una denegación de servicio por medio de un archivo .rle creado, relacionado a un "User Mode Write AV starting at ntdll_77df0000!RtlEnterCriticalSection+0x0000000000000012." • https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10746 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-10751
https://notcve.org/view.php?id=CVE-2017-10751
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at GDI32!GenericEngineGetGlyphs+0x0000000000000133." XnView Classic para Windows versión 2.40, podría permitir a los atacantes causar una denegación de servicio o posiblemente tener otro impacto no especificado por medio de un archivo .rle creado, relacionado a "Data from Faulting Address controls Branch Selection starting at GDI32!GenericEngineGetGlyphs+0x0000000000000133." • https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10751 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-10775
https://notcve.org/view.php?id=CVE-2017-10775
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to a "Read Access Violation starting at GDI32!ScriptGetCMapWithSurrogate+0x00000000000001cb." XnView Classic para Windows versión 2.40, podría permitir a los atacantes causar una denegación de servicio o posiblemente tener otro impacto no especificado por medio de un archivo .rle creado, relacionado a una "Read Access Violation starting at GDI32!ScriptGetCMapWithSurrogate+0x00000000000001cb". • https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10775 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 1EXPL: 0CVE-2013-3938
https://notcve.org/view.php?id=CVE-2013-3938
Integer overflow in xnview.exe in XnView 2.13 allows remote attackers to execute arbitrary code via a large NUM_ELEMENTS field in an IFD_ENTRY structure in a JXR file, which triggers a heap-based buffer overflow. Desbordamiento de enteros en xnview.exe en XnView 2.13 permite a atacantes remotos ejecutar código arbitrario a través de un campo NUM_ELEMENTS grande en una estructura IFD_ENTRY en un archivo JXR, lo que provoca un desbordamiento de buffer basado en memoria dinámica. • http://secunia.com/advisories/56172 http://www.securityfocus.com/bid/66187 • CWE-189: Numeric Errors •