CVE-2007-2194 – XnView 1.90.3 - '.xpm' Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-2194
Stack-based buffer overflow in XnView 1.90.3 allows user-assisted remote attackers to execute arbitrary code via a crafted XPM file with a long section string. NOTE: some of these details are obtained from third party information. Desbordamiento de búfer basado en pila en XnView 1.90.3 permite a atacantes con la intervención del usuario ejecutar código de su elección a través de ficheros XPM manipulados con una sección de cadena larga. NOTA: algunos de los detalles fueron obtenidos de terceras fuentes de información. • https://www.exploit-db.com/exploits/3777 http://osvdb.org/35235 http://secunia.com/advisories/24973 http://secunia.com/advisories/26006 http://security.gentoo.org/glsa/glsa-200707-06.xml http://www.securityfocus.com/bid/23625 http://www.vupen.com/english/advisories/2007/1488 https://exchange.xforce.ibmcloud.com/vulnerabilities/33810 •
CVE-2005-4595
https://notcve.org/view.php?id=CVE-2005-4595
Untrusted search path vulnerability (RPATH) in XnView 1.70 and NView 4.51 on Gentoo Linux allows local users to execute arbitrary code via a malicious library in the current working directory. • http://bugs.gentoo.org/show_bug.cgi?id=117063 http://secunia.com/advisories/18235 http://secunia.com/advisories/18240 http://www.gentoo.org/security/en/glsa/glsa-200512-18.xml http://www.osvdb.org/22093 http://www.osvdb.org/22094 http://www.securityfocus.com/bid/16087 https://exchange.xforce.ibmcloud.com/vulnerabilities/23910 •