CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-10748
https://notcve.org/view.php?id=CVE-2017-10748
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV starting at xnview+0x000000000022bf8d." XnView Classic para Windows versión 2.40, permite a los atacantes ejecutar código arbitrario o causar una denegación de servicio por medio de un archivo .rle creado, relacionado a un "User Mode Write AV starting at xnview+0x000000000022bf8d." • https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10748 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-10768
https://notcve.org/view.php?id=CVE-2017-10768
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpInsertFreeBlock+0x00000000000001ca." XnView Classic para Windows versión 2.40, podría permitir a los atacantes causar una denegación de servicio o posiblemente tener otro impacto no especificado por medio de un archivo .rle creado, relacionado a "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpInsertFreeBlock+0x00000000000001ca". • https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10768 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 1EXPL: 0CVE-2013-3938
https://notcve.org/view.php?id=CVE-2013-3938
Integer overflow in xnview.exe in XnView 2.13 allows remote attackers to execute arbitrary code via a large NUM_ELEMENTS field in an IFD_ENTRY structure in a JXR file, which triggers a heap-based buffer overflow. Desbordamiento de enteros en xnview.exe en XnView 2.13 permite a atacantes remotos ejecutar código arbitrario a través de un campo NUM_ELEMENTS grande en una estructura IFD_ENTRY en un archivo JXR, lo que provoca un desbordamiento de buffer basado en memoria dinámica. • http://secunia.com/advisories/56172 http://www.securityfocus.com/bid/66187 • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 13%CPEs: 117EXPL: 4CVE-2013-2577 – XnView 2.03 - '.pct' Buffer Overflow
https://notcve.org/view.php?id=CVE-2013-2577
Buffer overflow in XnView before 2.04 allows remote attackers to execute arbitrary code via a crafted PCT file. Desbordamiento de búfer en XnView anterior a v2.04 permite a atacantes remotos ejecutar código arbitrario a través de un archivo PCT manipulado. • https://www.exploit-db.com/exploits/27049 http://archives.neohapsis.com/archives/bugtraq/2013-07/0153.html http://newsgroup.xnview.com/viewtopic.php?f=35&t=28400 http://osvdb.org/95580 http://secunia.com/advisories/54174 http://www.coresecurity.com/advisories/xnview-buffer-overflow-vulnerability http://www.exploit-db.com/exploits/27049 http://www.securitytracker.com/id/1028817 https://exchange.xforce.ibmcloud.com/vulnerabilities/85919 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 14%CPEs: 2EXPL: 1CVE-2012-4988 – XnView 1.99.1 - '.JLS' File Decompression Heap Overflow
https://notcve.org/view.php?id=CVE-2012-4988
Heap-based buffer overflow in the xjpegls.dll (aka JLS, JPEG-LS, or JPEG lossless) format plugin in XnView 1.99 and 1.99.1 allows remote attackers to execute arbitrary code via a crafted JLS image file. Desbordamiento de buffer basado en memoria dinámica en el plugin de formato xjpegls.dll (también conocido como JLS, JPEG-LS o JPEG lossless) en XnView 1.99 y 1.99.1 permite a atacantes remotos ejecutar código arbitrario a través de un fichero de imagen JLS manipulado. • https://www.exploit-db.com/exploits/21741 http://osvdb.org/show/osvdb/85893 http://seclists.org/fulldisclosure/2012/Oct/36 http://secunia.com/advisories/50825 http://www.reactionpenetrationtesting.co.uk/xnview-jls-heap.html http://www.securityfocus.com/bid/55787 https://exchange.xforce.ibmcloud.com/vulnerabilities/79030 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •