CVE-2017-9900
https://notcve.org/view.php?id=CVE-2017-9900
XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to "Data from Faulting Address controls Code Flow starting at Xfpx!gffGetFormatInfo+0x000000000002e385." XnView Classic para Windows en su versión 2.40 permite a atacantes remotos ejecutar código mediante un archivo .fpx manipulado, relacionado a "Data from Faulting Address controls Code Flow comenzado en Xfpx!gffGetFormatInfo+0x000000000002e385." • https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9900 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-9894
https://notcve.org/view.php?id=CVE-2017-9894
XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a "User Mode Write AV starting at Xfpx!gffGetFormatInfo+0x0000000000029272." XnView Classic para Windows en su versión 2.40 permite a atacantes remotos ejecutar código mediante un archivo .fpx manipulado, relacionado a "User Mode Write AV comenzado en Xfpx!gffGetFormatInfo+0x0000000000029272." • https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9894 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-10748
https://notcve.org/view.php?id=CVE-2017-10748
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV starting at xnview+0x000000000022bf8d." XnView Classic para Windows versión 2.40, permite a los atacantes ejecutar código arbitrario o causar una denegación de servicio por medio de un archivo .rle creado, relacionado a un "User Mode Write AV starting at xnview+0x000000000022bf8d." • https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10748 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2017-10768
https://notcve.org/view.php?id=CVE-2017-10768
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpInsertFreeBlock+0x00000000000001ca." XnView Classic para Windows versión 2.40, podría permitir a los atacantes causar una denegación de servicio o posiblemente tener otro impacto no especificado por medio de un archivo .rle creado, relacionado a "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpInsertFreeBlock+0x00000000000001ca". • https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10768 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-3938
https://notcve.org/view.php?id=CVE-2013-3938
Integer overflow in xnview.exe in XnView 2.13 allows remote attackers to execute arbitrary code via a large NUM_ELEMENTS field in an IFD_ENTRY structure in a JXR file, which triggers a heap-based buffer overflow. Desbordamiento de enteros en xnview.exe en XnView 2.13 permite a atacantes remotos ejecutar código arbitrario a través de un campo NUM_ELEMENTS grande en una estructura IFD_ENTRY en un archivo JXR, lo que provoca un desbordamiento de buffer basado en memoria dinámica. • http://secunia.com/advisories/56172 http://www.securityfocus.com/bid/66187 • CWE-189: Numeric Errors •