Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
174 vulnerabilities by XnView
CVE-2026-30007 (GCVE-0-2026-30007)
Vulnerability from cvelistv5 – Published: 2026-03-23 00:00 – Updated: 2026-03-23 17:09
VLAI
Summary
XnSoft NConvert 7.230 is vulnerable to Use-After-Free via a crafted .tiff file
Severity
6.2 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-416 - Use After Free
Assigner
References
2 references
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-30007",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-23T17:09:14.227569Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-23T17:09:36.890Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XnSoft NConvert 7.230 is vulnerable to Use-After-Free via a crafted .tiff file"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-23T16:37:17.573Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.xnview.com/en/nconvert/"
},
{
"url": "https://github.com/PassMoon/Nconvert_Vul_7.230"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2026-30007",
"datePublished": "2026-03-23T00:00:00.000Z",
"dateReserved": "2026-03-04T00:00:00.000Z",
"dateUpdated": "2026-03-23T17:09:36.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-30006 (GCVE-0-2026-30006)
Vulnerability from cvelistv5 – Published: 2026-03-23 00:00 – Updated: 2026-03-23 17:08
VLAI
Summary
XnSoft NConvert 7.230 is vulnerable to Stack Buffer Overrun via a crafted .tiff file.
Severity
6.2 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
2 references
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-30006",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-23T17:07:50.102963Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-23T17:08:13.748Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XnSoft NConvert 7.230 is vulnerable to Stack Buffer Overrun via a crafted .tiff file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-23T16:30:10.467Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.xnview.com/en/nconvert/#downloads"
},
{
"url": "https://github.com/PassMoon/Nconvert_Vul"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2026-30006",
"datePublished": "2026-03-23T00:00:00.000Z",
"dateReserved": "2026-03-04T00:00:00.000Z",
"dateUpdated": "2026-03-23T17:08:13.748Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-11950 (GCVE-0-2024-11950)
Vulnerability from cvelistv5 – Published: 2024-12-11 21:54 – Updated: 2024-12-12 15:47
VLAI
Title
XnSoft XnView Classic RWZ File Parsing Integer Underflow Remote Code Execution Vulnerability
Summary
XnSoft XnView Classic RWZ File Parsing Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of XnSoft XnView Classic. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of RWZ files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22913.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-191 - Integer Underflow (Wrap or Wraparound)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| XnSoft | XnView Classic |
Affected:
2.51.5
|
Date Public
2024-12-02 19:52
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11950",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-12T15:31:57.325557Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-12T15:47:33.176Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "XnView Classic",
"vendor": "XnSoft",
"versions": [
{
"status": "affected",
"version": "2.51.5"
}
]
}
],
"dateAssigned": "2024-11-27T23:40:42.496Z",
"datePublic": "2024-12-02T19:52:02.065Z",
"descriptions": [
{
"lang": "en",
"value": "XnSoft XnView Classic RWZ File Parsing Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of XnSoft XnView Classic. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\n\nThe specific flaw exists within the parsing of RWZ files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22913."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "CWE-191: Integer Underflow (Wrap or Wraparound)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-11T21:54:29.280Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1640",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1640/"
}
],
"source": {
"lang": "en",
"value": "Im Junhyuk, Jeong Soeun, Im Seongmin, Lee Jinhyeok, Hyun Chae-eul, Lee Hyungyu"
},
"title": "XnSoft XnView Classic RWZ File Parsing Integer Underflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-11950",
"datePublished": "2024-12-11T21:54:29.280Z",
"dateReserved": "2024-11-27T23:40:42.459Z",
"dateUpdated": "2024-12-12T15:47:33.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22532 (GCVE-0-2024-22532)
Vulnerability from cvelistv5 – Published: 2024-02-28 00:00 – Updated: 2024-08-01 22:51
VLAI
Summary
Buffer Overflow vulnerability in XNSoft NConvert 7.163 (for Windows x86) allows attackers to cause a denial of service via crafted xwd file.
Severity
6.5 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:xnview:nconvert:7.163:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nconvert",
"vendor": "xnview",
"versions": [
{
"status": "affected",
"version": "7.163"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-22532",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-29T20:40:28.713863Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-26T20:05:34.445Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:51:10.425Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pwndorei/CVE-2024-22532"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in XNSoft NConvert 7.163 (for Windows x86) allows attackers to cause a denial of service via crafted xwd file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-28T22:12:48.430Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/pwndorei/CVE-2024-22532"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-22532",
"datePublished": "2024-02-28T00:00:00.000Z",
"dateReserved": "2024-01-11T00:00:00.000Z",
"dateUpdated": "2024-08-01T22:51:10.425Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52173 (GCVE-0-2023-52173)
Vulnerability from cvelistv5 – Published: 2023-12-29 00:00 – Updated: 2024-08-27 16:13
VLAI
Summary
XnView Classic before 2.51.3 on Windows has a Write Access Violation at xnview.exe+0x3ADBD0.
Severity
No CVSS data available.
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:55:40.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=46016"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/seyit-sigirci/Vulnerability-Disclosures/blob/main/XNView-Crash-Reports/BOF%5B0x54D%5D%2B3%7B%2B0~3%23460c%7D%20469.15d%20%40%20xnview.exe%2B0x3ADBD0.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52173",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-27T16:12:25.534958Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-27T16:13:01.980Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic before 2.51.3 on Windows has a Write Access Violation at xnview.exe+0x3ADBD0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T04:02:49.662Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=46016"
},
{
"url": "https://github.com/seyit-sigirci/Vulnerability-Disclosures/blob/main/XNView-Crash-Reports/BOF%5B0x54D%5D%2B3%7B%2B0~3%23460c%7D%20469.15d%20%40%20xnview.exe%2B0x3ADBD0.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-52173",
"datePublished": "2023-12-29T00:00:00.000Z",
"dateReserved": "2023-12-29T00:00:00.000Z",
"dateUpdated": "2024-08-27T16:13:01.980Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52174 (GCVE-0-2023-52174)
Vulnerability from cvelistv5 – Published: 2023-12-29 00:00 – Updated: 2024-08-02 22:55
VLAI
Summary
XnView Classic before 2.51.3 on Windows has a Write Access Violation at xnview.exe+0x3125D6.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:55:40.261Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=46016"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/seyit-sigirci/Vulnerability-Disclosures/blob/main/XNView-Crash-Reports/BOF%5B0x1C94%5D%2B4%7B%2B0~4%231b99%7D%20128.ecf%20%40%20xnview.exe%2B0x3125D6.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic before 2.51.3 on Windows has a Write Access Violation at xnview.exe+0x3125D6."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T04:02:37.898Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=46016"
},
{
"url": "https://github.com/seyit-sigirci/Vulnerability-Disclosures/blob/main/XNView-Crash-Reports/BOF%5B0x1C94%5D%2B4%7B%2B0~4%231b99%7D%20128.ecf%20%40%20xnview.exe%2B0x3125D6.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-52174",
"datePublished": "2023-12-29T00:00:00.000Z",
"dateReserved": "2023-12-29T00:00:00.000Z",
"dateUpdated": "2024-08-02T22:55:40.261Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46587 (GCVE-0-2023-46587)
Vulnerability from cvelistv5 – Published: 2023-10-27 00:00 – Updated: 2024-09-12 20:09
VLAI
Summary
Buffer Overflow vulnerability in XnView Classic v.2.51.5 allows a local attacker to execute arbitrary code via a crafted TIF file.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
Assigner
References
1 reference
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:45:42.301Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/nasroabd/vulns/tree/main/XnView/2.51.5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46587",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T13:58:22.875751Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T20:09:18.753Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in XnView Classic v.2.51.5 allows a local attacker to execute arbitrary code via a crafted TIF file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-27T22:57:42.463Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/nasroabd/vulns/tree/main/XnView/2.51.5"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-46587",
"datePublished": "2023-10-27T00:00:00.000Z",
"dateReserved": "2023-10-23T00:00:00.000Z",
"dateUpdated": "2024-09-12T20:09:18.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43252 (GCVE-0-2023-43252)
Vulnerability from cvelistv5 – Published: 2023-10-19 00:00 – Updated: 2024-09-12 20:18
VLAI
Summary
XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow via a crafted image file.
Severity
No CVSS data available.
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:37:23.786Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.xnview.com/en/nconvert/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mrtouch93/exploits/tree/main/NConvert7.136/Stack%20Buffer%20Overrun"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/175145/XNSoft-Nconvert-7.136-Buffer-Overflow-Denial-Of-Service.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/15"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43252",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T20:17:50.453365Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T20:18:16.582Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow via a crafted image file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-19T12:42:00.137Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.xnview.com/en/nconvert/"
},
{
"url": "https://github.com/mrtouch93/exploits/tree/main/NConvert7.136/Stack%20Buffer%20Overrun"
},
{
"url": "http://packetstormsecurity.com/files/175145/XNSoft-Nconvert-7.136-Buffer-Overflow-Denial-Of-Service.html"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/15"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-43252",
"datePublished": "2023-10-19T00:00:00.000Z",
"dateReserved": "2023-09-18T00:00:00.000Z",
"dateUpdated": "2024-09-12T20:18:16.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43251 (GCVE-0-2023-43251)
Vulnerability from cvelistv5 – Published: 2023-10-19 00:00 – Updated: 2024-09-12 20:19
VLAI
Summary
XNSoft Nconvert 7.136 has an Exception Handler Chain Corrupted via a crafted image file. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution.
Severity
No CVSS data available.
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:37:23.374Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.xnview.com/en/nconvert/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mrtouch93/exploits/tree/main/NConvert7.136/SEH"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/175145/XNSoft-Nconvert-7.136-Buffer-Overflow-Denial-Of-Service.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/15"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43251",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T20:19:16.672521Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T20:19:36.780Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XNSoft Nconvert 7.136 has an Exception Handler Chain Corrupted via a crafted image file. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-19T14:54:33.327Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.xnview.com/en/nconvert/"
},
{
"url": "https://github.com/mrtouch93/exploits/tree/main/NConvert7.136/SEH"
},
{
"url": "http://packetstormsecurity.com/files/175145/XNSoft-Nconvert-7.136-Buffer-Overflow-Denial-Of-Service.html"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/15"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-43251",
"datePublished": "2023-10-19T00:00:00.000Z",
"dateReserved": "2023-09-18T00:00:00.000Z",
"dateUpdated": "2024-09-12T20:19:36.780Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43250 (GCVE-0-2023-43250)
Vulnerability from cvelistv5 – Published: 2023-10-18 00:00 – Updated: 2024-09-13 17:45
VLAI
Summary
XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow. There is a User Mode Write AV via a crafted image file. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:37:23.402Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mrtouch93/exploits/tree/main/NConvert7.136/User%20Mode%20Write%20AV"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.xnview.com/en/nconvert/"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/175145/XNSoft-Nconvert-7.136-Buffer-Overflow-Denial-Of-Service.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/15"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:xnview:nconvert:7.136:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nconvert",
"vendor": "xnview",
"versions": [
{
"status": "affected",
"version": "7.136"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-43250",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-13T17:16:34.307212Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T17:45:36.457Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow. There is a User Mode Write AV via a crafted image file. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-18T15:56:55.040Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/mrtouch93/exploits/tree/main/NConvert7.136/User%20Mode%20Write%20AV"
},
{
"url": "https://www.xnview.com/en/nconvert/"
},
{
"url": "http://packetstormsecurity.com/files/175145/XNSoft-Nconvert-7.136-Buffer-Overflow-Denial-Of-Service.html"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/15"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-43250",
"datePublished": "2023-10-18T00:00:00.000Z",
"dateReserved": "2023-09-18T00:00:00.000Z",
"dateUpdated": "2024-09-13T17:45:36.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28427 (GCVE-0-2021-28427)
Vulnerability from cvelistv5 – Published: 2023-08-11 00:00 – Updated: 2024-10-09 17:36
VLAI
Summary
Buffer Overflow vulnerability in XNView version 2.49.3, allows local attackers to execute arbitrary code via crafted TIFF file.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
Assigner
References
1 reference
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:40:14.233Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=41035"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-28427",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T17:36:39.400554Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T17:36:50.445Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in XNView version 2.49.3, allows local attackers to execute arbitrary code via crafted TIFF file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:N/S:U/UI:R",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-11T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=41035"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-28427",
"datePublished": "2023-08-11T00:00:00.000Z",
"dateReserved": "2021-03-15T00:00:00.000Z",
"dateUpdated": "2024-10-09T17:36:50.445Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28835 (GCVE-0-2021-28835)
Vulnerability from cvelistv5 – Published: 2023-08-11 00:00 – Updated: 2024-10-09 17:35
VLAI
Summary
Buffer Overflow vulnerability in XNView before 2.50, allows local attackers to execute arbitrary code via crafted GEM bitmap file.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:55:11.755Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.xnview.com/en/xnview/#changelog"
},
{
"tags": [
"x_transferred"
],
"url": "https://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=44679"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-28835",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T17:35:21.852571Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T17:35:30.049Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in XNView before 2.50, allows local attackers to execute arbitrary code via crafted GEM bitmap file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:N/S:U/UI:R",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-11T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.xnview.com/en/xnview/#changelog"
},
{
"url": "https://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=44679"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-28835",
"datePublished": "2023-08-11T00:00:00.000Z",
"dateReserved": "2021-03-19T00:00:00.000Z",
"dateUpdated": "2024-10-09T17:35:30.049Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-23887 (GCVE-0-2020-23887)
Vulnerability from cvelistv5 – Published: 2021-11-10 21:25 – Updated: 2024-08-04 15:05
VLAI
Summary
XnView MP v0.96.4 was discovered to contain a heap overflow which allows attackers to cause a denial of service (DoS) via a crafted ico file. Related to a Read Access Violation starting at USER32!SmartStretchDIBits+0x33.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/Aurorainfinity/vulnerabilities… | x_refsource_MISC |
| https://www.xnview.com/en/xnviewmp/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:05:11.452Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Aurorainfinity/vulnerabilities/tree/master/xnviewmp"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.xnview.com/en/xnviewmp/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XnView MP v0.96.4 was discovered to contain a heap overflow which allows attackers to cause a denial of service (DoS) via a crafted ico file. Related to a Read Access Violation starting at USER32!SmartStretchDIBits+0x33."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-10T21:25:59.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Aurorainfinity/vulnerabilities/tree/master/xnviewmp"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.xnview.com/en/xnviewmp/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-23887",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView MP v0.96.4 was discovered to contain a heap overflow which allows attackers to cause a denial of service (DoS) via a crafted ico file. Related to a Read Access Violation starting at USER32!SmartStretchDIBits+0x33."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Aurorainfinity/vulnerabilities/tree/master/xnviewmp",
"refsource": "MISC",
"url": "https://github.com/Aurorainfinity/vulnerabilities/tree/master/xnviewmp"
},
{
"name": "https://www.xnview.com/en/xnviewmp/",
"refsource": "MISC",
"url": "https://www.xnview.com/en/xnviewmp/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-23887",
"datePublished": "2021-11-10T21:25:59.000Z",
"dateReserved": "2020-08-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:05:11.452Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-23886 (GCVE-0-2020-23886)
Vulnerability from cvelistv5 – Published: 2021-11-10 21:25 – Updated: 2024-08-04 15:05
VLAI
Summary
XnView MP v0.96.4 was discovered to contain a heap overflow which allows attackers to cause a denial of service (DoS) via a crafted pict file. Related to a User Mode Write AV starting at ntdll!RtlpLowFragHeapFree.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://cwe.mitre.org/data/definitions/122.html | x_refsource_MISC |
| https://github.com/Aurorainfinity/vulnerabilities… | x_refsource_MISC |
| https://www.xnview.com/en/xnviewmp/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:05:11.474Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cwe.mitre.org/data/definitions/122.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Aurorainfinity/vulnerabilities/tree/master/xnviewmp"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.xnview.com/en/xnviewmp/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XnView MP v0.96.4 was discovered to contain a heap overflow which allows attackers to cause a denial of service (DoS) via a crafted pict file. Related to a User Mode Write AV starting at ntdll!RtlpLowFragHeapFree."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-10T20:19:37.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cwe.mitre.org/data/definitions/122.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Aurorainfinity/vulnerabilities/tree/master/xnviewmp"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.xnview.com/en/xnviewmp/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-23886",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView MP v0.96.4 was discovered to contain a heap overflow which allows attackers to cause a denial of service (DoS) via a crafted pict file. Related to a User Mode Write AV starting at ntdll!RtlpLowFragHeapFree."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cwe.mitre.org/data/definitions/122.html",
"refsource": "MISC",
"url": "https://cwe.mitre.org/data/definitions/122.html"
},
{
"name": "https://github.com/Aurorainfinity/vulnerabilities/tree/master/xnviewmp",
"refsource": "MISC",
"url": "https://github.com/Aurorainfinity/vulnerabilities/tree/master/xnviewmp"
},
{
"name": "https://www.xnview.com/en/xnviewmp/",
"refsource": "MISC",
"url": "https://www.xnview.com/en/xnviewmp/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-23886",
"datePublished": "2021-11-10T21:25:58.000Z",
"dateReserved": "2020-08-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:05:11.474Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3493 (GCVE-0-2013-3493)
Vulnerability from cvelistv5 – Published: 2020-01-27 14:26 – Updated: 2024-08-06 16:14
VLAI
Summary
XnView 2.03 has an integer overflow vulnerability
Severity
No CVSS data available.
CWE
- integer overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/61505 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61505"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "XnView",
"vendor": "XnView",
"versions": [
{
"status": "affected",
"version": "2.03"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XnView 2.03 has an integer overflow vulnerability"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "integer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-27T14:26:46.000Z",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/61505"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3493",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "XnView",
"version": {
"version_data": [
{
"version_value": "2.03"
}
]
}
}
]
},
"vendor_name": "XnView"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView 2.03 has an integer overflow vulnerability"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "integer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securityfocus.com/bid/61505",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/61505"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2013-3493",
"datePublished": "2020-01-27T14:26:46.000Z",
"dateReserved": "2013-05-07T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:14:56.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3492 (GCVE-0-2013-3492)
Vulnerability from cvelistv5 – Published: 2020-01-27 14:24 – Updated: 2024-08-06 16:14
VLAI
Summary
XnView 2.03 has a stack-based buffer overflow vulnerability
Severity
No CVSS data available.
CWE
- buffer overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/61503 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:55.806Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61503"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "XnView",
"vendor": "XnView",
"versions": [
{
"status": "affected",
"version": "2.03"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XnView 2.03 has a stack-based buffer overflow vulnerability"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-27T14:24:40.000Z",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/61503"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3492",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "XnView",
"version": {
"version_data": [
{
"version_value": "2.03"
}
]
}
}
]
},
"vendor_name": "XnView"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView 2.03 has a stack-based buffer overflow vulnerability"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securityfocus.com/bid/61503",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/61503"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2013-3492",
"datePublished": "2020-01-27T14:24:40.000Z",
"dateReserved": "2013-05-07T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:14:55.806Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3246 (GCVE-0-2013-3246)
Vulnerability from cvelistv5 – Published: 2020-01-02 19:38 – Updated: 2024-08-06 16:00
VLAI
Summary
Stack-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted image layer in an XCF file.
Severity
No CVSS data available.
CWE
- Buffer Overflow
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.fuzzmyapp.com/advisories/FMA-2013-003/… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | x_refsource_MISC |
Date Public
2013-06-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:00:10.106Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.fuzzmyapp.com/advisories/FMA-2013-003/FMA-2013-003-EN.xml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84643"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "XnView",
"vendor": "XnView",
"versions": [
{
"status": "affected",
"version": "before 2.03"
}
]
}
],
"datePublic": "2013-06-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted image layer in an XCF file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-02T19:38:44.000Z",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.fuzzmyapp.com/advisories/FMA-2013-003/FMA-2013-003-EN.xml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84643"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3246",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "XnView",
"version": {
"version_data": [
{
"version_value": "before 2.03"
}
]
}
}
]
},
"vendor_name": "XnView"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted image layer in an XCF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.fuzzmyapp.com/advisories/FMA-2013-003/FMA-2013-003-EN.xml",
"refsource": "MISC",
"url": "http://www.fuzzmyapp.com/advisories/FMA-2013-003/FMA-2013-003-EN.xml"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84643",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84643"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2013-3246",
"datePublished": "2020-01-02T19:38:44.000Z",
"dateReserved": "2013-04-22T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:00:10.106Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3247 (GCVE-0-2013-3247)
Vulnerability from cvelistv5 – Published: 2020-01-02 19:38 – Updated: 2024-08-06 16:00
VLAI
Summary
Heap-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted RLE compressed layer in an XCF file.
Severity
No CVSS data available.
CWE
- Buffer Overflow
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.fuzzmyapp.com/advisories/FMA-2013-003/… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | x_refsource_MISC |
Date Public
2013-06-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:00:10.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.fuzzmyapp.com/advisories/FMA-2013-003/FMA-2013-003-EN.xml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84642"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "XnView",
"vendor": "XnView",
"versions": [
{
"status": "affected",
"version": "before 2.03"
}
]
}
],
"datePublic": "2013-06-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted RLE compressed layer in an XCF file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-02T19:38:36.000Z",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.fuzzmyapp.com/advisories/FMA-2013-003/FMA-2013-003-EN.xml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84642"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3247",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "XnView",
"version": {
"version_data": [
{
"version_value": "before 2.03"
}
]
}
}
]
},
"vendor_name": "XnView"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted RLE compressed layer in an XCF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.fuzzmyapp.com/advisories/FMA-2013-003/FMA-2013-003-EN.xml",
"refsource": "MISC",
"url": "http://www.fuzzmyapp.com/advisories/FMA-2013-003/FMA-2013-003-EN.xml"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84642",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84642"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2013-3247",
"datePublished": "2020-01-02T19:38:36.000Z",
"dateReserved": "2013-04-22T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:00:10.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3937 (GCVE-0-2013-3937)
Vulnerability from cvelistv5 – Published: 2020-01-02 19:11 – Updated: 2024-08-06 16:30
VLAI
Summary
Heap-based buffer overflow in xnview.exe in XnView before 2.13 allows remote attackers to execute arbitrary code via the biBitCount field in a BMP file.
Severity
No CVSS data available.
CWE
- Buffer Overflow
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/52101 | third-party-advisoryx_refsource_SECUNIA |
| http://newsgroup.xnview.com/viewtopic.php?f=35&t=29087 | x_refsource_CONFIRM |
Date Public
2013-12-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:48.910Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "52101",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52101"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=29087"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "XnView",
"vendor": "XnView",
"versions": [
{
"status": "affected",
"version": "before 2.13"
}
]
}
],
"datePublic": "2013-12-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in xnview.exe in XnView before 2.13 allows remote attackers to execute arbitrary code via the biBitCount field in a BMP file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-02T19:11:47.000Z",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "52101",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52101"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=29087"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3937",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "XnView",
"version": {
"version_data": [
{
"version_value": "before 2.13"
}
]
}
}
]
},
"vendor_name": "XnView"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in xnview.exe in XnView before 2.13 allows remote attackers to execute arbitrary code via the biBitCount field in a BMP file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "52101",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52101"
},
{
"name": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=29087",
"refsource": "CONFIRM",
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=29087"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2013-3937",
"datePublished": "2020-01-02T19:11:47.000Z",
"dateReserved": "2013-06-04T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:30:48.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3939 (GCVE-0-2013-3939)
Vulnerability from cvelistv5 – Published: 2020-01-02 19:11 – Updated: 2024-08-06 16:30
VLAI
Summary
xnview.exe in XnView before 2.13 does not properly handle RLE strip lengths during processing of RGB files, which allows remote attackers to execute arbitrary code via the RLE strip size field in a RGB file, which leads to an unexpected sign extension error and a heap-based buffer overflow.
Severity
No CVSS data available.
CWE
- Other
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/52101 | third-party-advisoryx_refsource_SECUNIA |
| http://newsgroup.xnview.com/viewtopic.php?f=35&t=29087 | x_refsource_CONFIRM |
Date Public
2013-12-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:48.182Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "52101",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52101"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=29087"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "XnView",
"vendor": "XnView",
"versions": [
{
"status": "affected",
"version": "before 2.13"
}
]
}
],
"datePublic": "2013-12-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "xnview.exe in XnView before 2.13 does not properly handle RLE strip lengths during processing of RGB files, which allows remote attackers to execute arbitrary code via the RLE strip size field in a RGB file, which leads to an unexpected sign extension error and a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-02T19:11:43.000Z",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "52101",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52101"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=29087"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3939",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "XnView",
"version": {
"version_data": [
{
"version_value": "before 2.13"
}
]
}
}
]
},
"vendor_name": "XnView"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "xnview.exe in XnView before 2.13 does not properly handle RLE strip lengths during processing of RGB files, which allows remote attackers to execute arbitrary code via the RLE strip size field in a RGB file, which leads to an unexpected sign extension error and a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "52101",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52101"
},
{
"name": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=29087",
"refsource": "CONFIRM",
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=29087"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2013-3939",
"datePublished": "2020-01-02T19:11:43.000Z",
"dateReserved": "2013-06-04T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:30:48.182Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3941 (GCVE-0-2013-3941)
Vulnerability from cvelistv5 – Published: 2020-01-02 19:11 – Updated: 2024-08-06 16:30
VLAI
Summary
Xjp2.dll in XnView before 2.13 allows remote attackers to execute arbitrary code via (1) the Csiz parameter in a SIZ marker, which triggers an incorrect memory allocation, or (2) the lqcd field in a QCD marker in a crafted JPEG2000 file, which leads to a heap-based buffer overflow.
Severity
No CVSS data available.
CWE
- Buffer Overflow
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://newsgroup.xnview.com/viewtopic.php?f=35&t=29087 | x_refsource_MISC |
| http://secunia.com/advisories/52101 | x_refsource_MISC |
Date Public
2013-12-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:48.222Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=29087"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/advisories/52101"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "XnView",
"vendor": "XnView",
"versions": [
{
"status": "affected",
"version": "before 2.13"
}
]
}
],
"datePublic": "2013-12-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Xjp2.dll in XnView before 2.13 allows remote attackers to execute arbitrary code via (1) the Csiz parameter in a SIZ marker, which triggers an incorrect memory allocation, or (2) the lqcd field in a QCD marker in a crafted JPEG2000 file, which leads to a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-02T19:11:40.000Z",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=29087"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/advisories/52101"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3941",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "XnView",
"version": {
"version_data": [
{
"version_value": "before 2.13"
}
]
}
}
]
},
"vendor_name": "XnView"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Xjp2.dll in XnView before 2.13 allows remote attackers to execute arbitrary code via (1) the Csiz parameter in a SIZ marker, which triggers an incorrect memory allocation, or (2) the lqcd field in a QCD marker in a crafted JPEG2000 file, which leads to a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=29087",
"refsource": "MISC",
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=29087"
},
{
"name": "http://secunia.com/advisories/52101",
"refsource": "MISC",
"url": "http://secunia.com/advisories/52101"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2013-3941",
"datePublished": "2020-01-02T19:11:40.000Z",
"dateReserved": "2013-06-04T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:30:48.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17262 (GCVE-0-2019-17262)
Vulnerability from cvelistv5 – Published: 2019-10-08 11:16 – Updated: 2024-08-05 01:33
VLAI
Summary
XnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0000000000001fc0.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.xnview.com/en/xnview/#changelog | x_refsource_MISC |
| https://github.com/linhlhq/research/blob/master/R… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:33:17.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.xnview.com/en/xnview/#changelog"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/linhlhq/research/blob/master/README.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0000000000001fc0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-08T11:16:26.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.xnview.com/en/xnview/#changelog"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/linhlhq/research/blob/master/README.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17262",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0000000000001fc0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.xnview.com/en/xnview/#changelog",
"refsource": "MISC",
"url": "https://www.xnview.com/en/xnview/#changelog"
},
{
"name": "https://github.com/linhlhq/research/blob/master/README.md",
"refsource": "MISC",
"url": "https://github.com/linhlhq/research/blob/master/README.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-17262",
"datePublished": "2019-10-08T11:16:26.000Z",
"dateReserved": "2019-10-06T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:33:17.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17261 (GCVE-0-2019-17261)
Vulnerability from cvelistv5 – Published: 2019-10-08 11:16 – Updated: 2024-08-05 01:33
VLAI
Summary
XnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0000000000001e51.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.xnview.com/en/xnview/#changelog | x_refsource_MISC |
| https://github.com/linhlhq/research/blob/master/R… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:33:17.367Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.xnview.com/en/xnview/#changelog"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/linhlhq/research/blob/master/README.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0000000000001e51."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-08T11:16:04.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.xnview.com/en/xnview/#changelog"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/linhlhq/research/blob/master/README.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17261",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0000000000001e51."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.xnview.com/en/xnview/#changelog",
"refsource": "MISC",
"url": "https://www.xnview.com/en/xnview/#changelog"
},
{
"name": "https://github.com/linhlhq/research/blob/master/README.md",
"refsource": "MISC",
"url": "https://github.com/linhlhq/research/blob/master/README.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-17261",
"datePublished": "2019-10-08T11:16:04.000Z",
"dateReserved": "2019-10-06T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:33:17.367Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13262 (GCVE-0-2019-13262)
Vulnerability from cvelistv5 – Published: 2019-07-04 15:07 – Updated: 2024-08-04 23:49
VLAI
Summary
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x00000000003283eb.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/apriorit/pentesting/blob/maste… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:23.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x00000000003283eb.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x00000000003283eb."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-04T15:07:13.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x00000000003283eb.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13262",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x00000000003283eb."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x00000000003283eb.md",
"refsource": "MISC",
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x00000000003283eb.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13262",
"datePublished": "2019-07-04T15:07:13.000Z",
"dateReserved": "2019-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:49:23.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13261 (GCVE-0-2019-13261)
Vulnerability from cvelistv5 – Published: 2019-07-04 15:07 – Updated: 2024-08-04 23:49
VLAI
Summary
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000328384.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/apriorit/pentesting/blob/maste… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:24.421Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000328384.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000328384."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-04T15:07:05.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000328384.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13261",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000328384."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000328384.md",
"refsource": "MISC",
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000328384.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13261",
"datePublished": "2019-07-04T15:07:05.000Z",
"dateReserved": "2019-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:49:24.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13260 (GCVE-0-2019-13260)
Vulnerability from cvelistv5 – Published: 2019-07-04 15:06 – Updated: 2024-08-04 23:49
VLAI
Summary
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000327a07.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/apriorit/pentesting/blob/maste… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:24.152Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000327a07.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000327a07."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-04T15:06:59.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000327a07.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13260",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000327a07."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000327a07.md",
"refsource": "MISC",
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000327a07.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13260",
"datePublished": "2019-07-04T15:06:59.000Z",
"dateReserved": "2019-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:49:24.152Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13259 (GCVE-0-2019-13259)
Vulnerability from cvelistv5 – Published: 2019-07-04 15:06 – Updated: 2024-08-04 23:49
VLAI
Summary
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000032e566.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/apriorit/pentesting/blob/maste… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:24.115Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x000000000032e566.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000032e566."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-04T15:06:51.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x000000000032e566.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13259",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000032e566."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x000000000032e566.md",
"refsource": "MISC",
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x000000000032e566.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13259",
"datePublished": "2019-07-04T15:06:51.000Z",
"dateReserved": "2019-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:49:24.115Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13258 (GCVE-0-2019-13258)
Vulnerability from cvelistv5 – Published: 2019-07-04 15:06 – Updated: 2024-08-04 23:49
VLAI
Summary
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000328165.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/apriorit/pentesting/blob/maste… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:23.867Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000328165.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000328165."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-04T15:06:44.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000328165.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13258",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000328165."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000328165.md",
"refsource": "MISC",
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000328165.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13258",
"datePublished": "2019-07-04T15:06:44.000Z",
"dateReserved": "2019-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:49:23.867Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13257 (GCVE-0-2019-13257)
Vulnerability from cvelistv5 – Published: 2019-07-04 15:06 – Updated: 2024-08-04 23:49
VLAI
Summary
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x00000000003273aa.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/apriorit/pentesting/blob/maste… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:23.922Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x00000000003273aa.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x00000000003273aa."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-04T15:06:35.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x00000000003273aa.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13257",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x00000000003273aa."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x00000000003273aa.md",
"refsource": "MISC",
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x00000000003273aa.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13257",
"datePublished": "2019-07-04T15:06:35.000Z",
"dateReserved": "2019-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:49:23.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13256 (GCVE-0-2019-13256)
Vulnerability from cvelistv5 – Published: 2019-07-04 15:06 – Updated: 2024-08-04 23:49
VLAI
Summary
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000032e849.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/apriorit/pentesting/blob/maste… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:24.105Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x000000000032e849.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000032e849."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-04T15:06:28.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x000000000032e849.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13256",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000032e849."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x000000000032e849.md",
"refsource": "MISC",
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x000000000032e849.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13256",
"datePublished": "2019-07-04T15:06:28.000Z",
"dateReserved": "2019-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:49:24.105Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}