CVE-2021-28835
https://notcve.org/view.php?id=CVE-2021-28835
Buffer Overflow vulnerability in XNView before 2.50, allows local attackers to execute arbitrary code via crafted GEM bitmap file. • https://newsgroup.xnview.com/viewtopic.php?f=35&t=44679 https://www.xnview.com/en/xnview/#changelog • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2013-3938
https://notcve.org/view.php?id=CVE-2013-3938
Integer overflow in xnview.exe in XnView 2.13 allows remote attackers to execute arbitrary code via a large NUM_ELEMENTS field in an IFD_ENTRY structure in a JXR file, which triggers a heap-based buffer overflow. Desbordamiento de enteros en xnview.exe en XnView 2.13 permite a atacantes remotos ejecutar código arbitrario a través de un campo NUM_ELEMENTS grande en una estructura IFD_ENTRY en un archivo JXR, lo que provoca un desbordamiento de buffer basado en memoria dinámica. • http://secunia.com/advisories/56172 http://www.securityfocus.com/bid/66187 • CWE-189: Numeric Errors •