Vulnerabilites related to XnView - XnView
CVE-2017-9913 (GCVE-0-2017-9913)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!TpAllocCleanupGroup+0x00000000000003d7."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9913 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:25:00.556Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9913"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!TpAllocCleanupGroup+0x00000000000003d7.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9913"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9913",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!TpAllocCleanupGroup+0x00000000000003d7.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9913",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9913"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9913",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-06-25T00:00:00",
"dateUpdated": "2024-08-05T17:25:00.556Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14278 (GCVE-0-2017-14278)
Vulnerability from cvelistv5
Published
2017-09-11 18:00
Modified
2024-08-05 19:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at jbig2dec+0x0000000000005940."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14278 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:20:41.330Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14278"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a \"Read Access Violation starting at jbig2dec+0x0000000000005940.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-11T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14278"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14278",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a \"Read Access Violation starting at jbig2dec+0x0000000000005940.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14278",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14278"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14278",
"datePublished": "2017-09-11T18:00:00",
"dateReserved": "2017-09-11T00:00:00",
"dateUpdated": "2024-08-05T19:20:41.330Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14272 (GCVE-0-2017-14272)
Vulnerability from cvelistv5
Published
2017-09-11 18:00
Modified
2024-08-05 19:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at jbig2dec+0x000000000000595d."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14272 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:20:41.396Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14272"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a \"User Mode Write AV starting at jbig2dec+0x000000000000595d.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-11T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14272"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14272",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a \"User Mode Write AV starting at jbig2dec+0x000000000000595d.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14272",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14272"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14272",
"datePublished": "2017-09-11T18:00:00",
"dateReserved": "2017-09-11T00:00:00",
"dateUpdated": "2024-08-05T19:20:41.396Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10754 (GCVE-0-2017-10754)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpEnterCriticalSectionContended+0x0000000000000031."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10754 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:11.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10754"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpEnterCriticalSectionContended+0x0000000000000031.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10754"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10754",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpEnterCriticalSectionContended+0x0000000000000031.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10754",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10754"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10754",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-07-01T00:00:00",
"dateUpdated": "2024-08-05T17:50:11.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14279 (GCVE-0-2017-14279)
Vulnerability from cvelistv5
Published
2017-09-11 18:00
Modified
2024-08-05 19:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at jbig2dec+0x0000000000005643."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14279 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:20:41.477Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14279"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a \"Read Access Violation starting at jbig2dec+0x0000000000005643.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-11T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14279"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14279",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a \"Read Access Violation starting at jbig2dec+0x0000000000005643.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14279",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14279"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14279",
"datePublished": "2017-09-11T18:00:00",
"dateReserved": "2017-09-11T00:00:00",
"dateUpdated": "2024-08-05T19:20:41.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15776 (GCVE-0-2017-15776)
Vulnerability from cvelistv5
Published
2017-10-22 17:00
Modified
2024-08-05 20:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to "Data from Faulting Address may be used as a return value starting at CADImage+0x0000000000285ec1."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15776 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:04:49.923Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15776"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to \"Data from Faulting Address may be used as a return value starting at CADImage+0x0000000000285ec1.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-22T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15776"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15776",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to \"Data from Faulting Address may be used as a return value starting at CADImage+0x0000000000285ec1.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15776",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15776"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15776",
"datePublished": "2017-10-22T17:00:00",
"dateReserved": "2017-10-21T00:00:00",
"dateUpdated": "2024-08-05T20:04:49.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15788 (GCVE-0-2017-15788)
Vulnerability from cvelistv5
Published
2017-10-22 17:00
Modified
2024-08-05 20:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "User Mode Write AV starting at CADImage+0x0000000000002d83."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15788 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:04:49.915Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15788"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a \"User Mode Write AV starting at CADImage+0x0000000000002d83.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-22T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15788"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15788",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a \"User Mode Write AV starting at CADImage+0x0000000000002d83.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15788",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15788"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15788",
"datePublished": "2017-10-22T17:00:00",
"dateReserved": "2017-10-21T00:00:00",
"dateUpdated": "2024-08-05T20:04:49.915Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14271 (GCVE-0-2017-14271)
Vulnerability from cvelistv5
Published
2017-09-11 18:00
Modified
2024-08-05 19:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at ntdll_77400000!RtlImpersonateSelfEx+0x000000000000024e."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14271 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:20:41.322Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14271"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a \"User Mode Write AV starting at ntdll_77400000!RtlImpersonateSelfEx+0x000000000000024e.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-11T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14271"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14271",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a \"User Mode Write AV starting at ntdll_77400000!RtlImpersonateSelfEx+0x000000000000024e.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14271",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14271"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14271",
"datePublished": "2017-09-11T18:00:00",
"dateReserved": "2017-09-11T00:00:00",
"dateUpdated": "2024-08-05T19:20:41.322Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9894 (GCVE-0-2017-9894)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a "User Mode Write AV starting at Xfpx!gffGetFormatInfo+0x0000000000029272."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9894 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:24:59.662Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9894"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a \"User Mode Write AV starting at Xfpx!gffGetFormatInfo+0x0000000000029272.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9894"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9894",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a \"User Mode Write AV starting at Xfpx!gffGetFormatInfo+0x0000000000029272.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9894",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9894"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9894",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-06-25T00:00:00",
"dateUpdated": "2024-08-05T17:24:59.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9907 (GCVE-0-2017-9907)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Possible Stack Corruption starting at Xfpx!gffGetFormatInfo+0x0000000000022e1f."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9907 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:25:00.340Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9907"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to \"Possible Stack Corruption starting at Xfpx!gffGetFormatInfo+0x0000000000022e1f.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9907"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9907",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to \"Possible Stack Corruption starting at Xfpx!gffGetFormatInfo+0x0000000000022e1f.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9907",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9907"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9907",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-06-25T00:00:00",
"dateUpdated": "2024-08-05T17:25:00.340Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15782 (GCVE-0-2017-15782)
Vulnerability from cvelistv5
Published
2017-10-22 17:00
Modified
2024-08-05 20:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "User Mode Write AV starting at CADImage+0x00000000000032eb."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15782 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:04:49.962Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15782"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a \"User Mode Write AV starting at CADImage+0x00000000000032eb.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-22T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15782"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15782",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a \"User Mode Write AV starting at CADImage+0x00000000000032eb.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15782",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15782"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15782",
"datePublished": "2017-10-22T17:00:00",
"dateReserved": "2017-10-21T00:00:00",
"dateUpdated": "2024-08-05T20:04:49.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14270 (GCVE-0-2017-14270)
Vulnerability from cvelistv5
Published
2017-09-11 18:00
Modified
2024-08-05 19:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at ntdll_77400000!RtlFillMemoryUlong+0x0000000000000010."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14270 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:20:41.361Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14270"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a \"User Mode Write AV starting at ntdll_77400000!RtlFillMemoryUlong+0x0000000000000010.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-11T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14270"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14270",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a \"User Mode Write AV starting at ntdll_77400000!RtlFillMemoryUlong+0x0000000000000010.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14270",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14270"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14270",
"datePublished": "2017-09-11T18:00:00",
"dateReserved": "2017-09-11T00:00:00",
"dateUpdated": "2024-08-05T19:20:41.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1338 (GCVE-0-2011-1338)
Vulnerability from cvelistv5
Published
2011-07-11 20:00
Modified
2024-08-06 22:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Untrusted search path vulnerability in XnView before 1.98.1 allows local users to gain privileges via a Trojan horse .exe file in a folder selected by the "Open containing folder" menu item.
References
| ▼ | URL | Tags |
|---|---|---|
| http://jvndb.jvn.jp/jvndb/JVNDB-2011-000050 | third-party-advisory, x_refsource_JVNDB | |
| http://www.securityfocus.com/bid/48562 | vdb-entry, x_refsource_BID | |
| http://www.osvdb.org/73619 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/68369 | vdb-entry, x_refsource_XF | |
| http://jvn.jp/en/jp/JVN17844633/index.html | third-party-advisory, x_refsource_JVN | |
| http://secunia.com/advisories/45127 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:21:34.241Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2011-000050",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000050"
},
{
"name": "48562",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/48562"
},
{
"name": "73619",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/73619"
},
{
"name": "xnview-library-code-execution(68369)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68369"
},
{
"name": "JVN#17844633",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN17844633/index.html"
},
{
"name": "45127",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45127"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in XnView before 1.98.1 allows local users to gain privileges via a Trojan horse .exe file in a folder selected by the \"Open containing folder\" menu item."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2011-000050",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000050"
},
{
"name": "48562",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/48562"
},
{
"name": "73619",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/73619"
},
{
"name": "xnview-library-code-execution(68369)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68369"
},
{
"name": "JVN#17844633",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN17844633/index.html"
},
{
"name": "45127",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45127"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2011-1338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in XnView before 1.98.1 allows local users to gain privileges via a Trojan horse .exe file in a folder selected by the \"Open containing folder\" menu item."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2011-000050",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000050"
},
{
"name": "48562",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48562"
},
{
"name": "73619",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/73619"
},
{
"name": "xnview-library-code-execution(68369)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68369"
},
{
"name": "JVN#17844633",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN17844633/index.html"
},
{
"name": "45127",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45127"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2011-1338",
"datePublished": "2011-07-11T20:00:00",
"dateReserved": "2011-03-09T00:00:00",
"dateUpdated": "2024-08-06T22:21:34.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15803 (GCVE-0-2017-15803)
Vulnerability from cvelistv5
Published
2017-10-22 19:00
Modified
2024-08-05 20:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at ntdll_77310000!LdrpResCompareResourceNames+0x0000000000000150."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15803 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:04:50.397Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15803"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to \"Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at ntdll_77310000!LdrpResCompareResourceNames+0x0000000000000150.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-22T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15803"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15803",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to \"Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at ntdll_77310000!LdrpResCompareResourceNames+0x0000000000000150.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15803",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15803"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15803",
"datePublished": "2017-10-22T19:00:00",
"dateReserved": "2017-10-22T00:00:00",
"dateUpdated": "2024-08-05T20:04:50.397Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15775 (GCVE-0-2017-15775)
Vulnerability from cvelistv5
Published
2017-10-22 17:00
Modified
2024-08-05 20:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to "Data from Faulting Address controls Branch Selection starting at CADImage+0x0000000000259aa4."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15775 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:04:49.926Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15775"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to \"Data from Faulting Address controls Branch Selection starting at CADImage+0x0000000000259aa4.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-22T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15775"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15775",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to \"Data from Faulting Address controls Branch Selection starting at CADImage+0x0000000000259aa4.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15775",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15775"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15775",
"datePublished": "2017-10-22T17:00:00",
"dateReserved": "2017-10-21T00:00:00",
"dateUpdated": "2024-08-05T20:04:49.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9908 (GCVE-0-2017-9908)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to a "Read Access Violation starting at Xfpx+0x000000000000d6da."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9908 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:24:59.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9908"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to a \"Read Access Violation starting at Xfpx+0x000000000000d6da.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9908"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9908",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to a \"Read Access Violation starting at Xfpx+0x000000000000d6da.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9908",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9908"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9908",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-06-25T00:00:00",
"dateUpdated": "2024-08-05T17:24:59.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14283 (GCVE-0-2017-14283)
Vulnerability from cvelistv5
Published
2017-09-11 18:00
Modified
2024-08-05 19:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at jbig2dec+0x0000000000008fe4."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14283 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:20:41.304Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14283"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a \"Read Access Violation starting at jbig2dec+0x0000000000008fe4.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-11T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14283"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14283",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a \"Read Access Violation starting at jbig2dec+0x0000000000008fe4.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14283",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14283"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14283",
"datePublished": "2017-09-11T18:00:00",
"dateReserved": "2017-09-11T00:00:00",
"dateUpdated": "2024-08-05T19:20:41.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9897 (GCVE-0-2017-9897)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a "User Mode Write AV starting at Xfpx+0x000000000000dcab."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9897 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:24:59.590Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9897"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a \"User Mode Write AV starting at Xfpx+0x000000000000dcab.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9897"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9897",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a \"User Mode Write AV starting at Xfpx+0x000000000000dcab.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9897",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9897"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9897",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-06-25T00:00:00",
"dateUpdated": "2024-08-05T17:24:59.590Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13085 (GCVE-0-2019-13085)
Vulnerability from cvelistv5
Published
2019-06-30 15:45
Modified
2024-08-04 23:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000030ecfa.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x30ecfa.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:41:10.078Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x30ecfa.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000030ecfa."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-30T15:45:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x30ecfa.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13085",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000030ecfa."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x30ecfa.md",
"refsource": "MISC",
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x30ecfa.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13085",
"datePublished": "2019-06-30T15:45:09",
"dateReserved": "2019-06-30T00:00:00",
"dateUpdated": "2024-08-04T23:41:10.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9529 (GCVE-0-2017-9529)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a "User Mode Write AV starting at Xfpx+0x0000000000004efd."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9529 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:11:02.178Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9529"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a \"User Mode Write AV starting at Xfpx+0x0000000000004efd.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9529"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9529",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a \"User Mode Write AV starting at Xfpx+0x0000000000004efd.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9529",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9529"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9529",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-06-11T00:00:00",
"dateUpdated": "2024-08-05T17:11:02.178Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14541 (GCVE-0-2017-14541)
Vulnerability from cvelistv5
Published
2017-09-18 17:00
Modified
2024-08-05 19:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .svg file, related to "Data from Faulting Address controls Branch Selection starting at CADImage+0x000000000001f23e."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14541 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:27:40.942Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14541"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .svg file, related to \"Data from Faulting Address controls Branch Selection starting at CADImage+0x000000000001f23e.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14541"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14541",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .svg file, related to \"Data from Faulting Address controls Branch Selection starting at CADImage+0x000000000001f23e.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14541",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14541"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14541",
"datePublished": "2017-09-18T17:00:00",
"dateReserved": "2017-09-18T00:00:00",
"dateUpdated": "2024-08-05T19:27:40.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10762 (GCVE-0-2017-10762)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpAllocateHeap+0x000000000000042f."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10762 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:11.243Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10762"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpAllocateHeap+0x000000000000042f.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10762"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10762",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpAllocateHeap+0x000000000000042f.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10762",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10762"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10762",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-07-01T00:00:00",
"dateUpdated": "2024-08-05T17:50:11.243Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13083 (GCVE-0-2019-13083)
Vulnerability from cvelistv5
Published
2019-06-30 15:44
Modified
2024-08-04 23:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000384e2a.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x384e2a.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:41:10.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x384e2a.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000384e2a."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-30T15:44:52",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x384e2a.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13083",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000384e2a."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x384e2a.md",
"refsource": "MISC",
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x384e2a.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13083",
"datePublished": "2019-06-30T15:44:52",
"dateReserved": "2019-06-30T00:00:00",
"dateUpdated": "2024-08-04T23:41:10.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28835 (GCVE-0-2021-28835)
Vulnerability from cvelistv5
Published
2023-08-11 00:00
Modified
2024-10-09 17:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer Overflow vulnerability in XNView before 2.50, allows local attackers to execute arbitrary code via crafted GEM bitmap file.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:55:11.755Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.xnview.com/en/xnview/#changelog"
},
{
"tags": [
"x_transferred"
],
"url": "https://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=44679"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-28835",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T17:35:21.852571Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T17:35:30.049Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in XNView before 2.50, allows local attackers to execute arbitrary code via crafted GEM bitmap file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:N/S:U/UI:R",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-11T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.xnview.com/en/xnview/#changelog"
},
{
"url": "https://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=44679"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-28835",
"datePublished": "2023-08-11T00:00:00",
"dateReserved": "2021-03-19T00:00:00",
"dateUpdated": "2024-10-09T17:35:30.049Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-15176 (GCVE-0-2018-15176)
Vulnerability from cvelistv5
Published
2018-08-08 00:00
Modified
2024-09-16 19:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView 2.45 allows remote attackers to cause a denial of service (User Mode Write AV starting at MSVCR120!memcpy+0x0000000000000074 and application crash) or possibly have unspecified other impact via a crafted RLE file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://code610.blogspot.com/2018/08/updating-xnview.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:46:25.388Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code610.blogspot.com/2018/08/updating-xnview.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XnView 2.45 allows remote attackers to cause a denial of service (User Mode Write AV starting at MSVCR120!memcpy+0x0000000000000074 and application crash) or possibly have unspecified other impact via a crafted RLE file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-08T00:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code610.blogspot.com/2018/08/updating-xnview.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15176",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView 2.45 allows remote attackers to cause a denial of service (User Mode Write AV starting at MSVCR120!memcpy+0x0000000000000074 and application crash) or possibly have unspecified other impact via a crafted RLE file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://code610.blogspot.com/2018/08/updating-xnview.html",
"refsource": "MISC",
"url": "http://code610.blogspot.com/2018/08/updating-xnview.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-15176",
"datePublished": "2018-08-08T00:00:00Z",
"dateReserved": "2018-08-07T00:00:00Z",
"dateUpdated": "2024-09-16T19:05:09.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14284 (GCVE-0-2017-14284)
Vulnerability from cvelistv5
Published
2017-09-11 18:00
Modified
2024-08-05 19:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77400000!RtlGetCurrentDirectory_U+0x000000000000016c."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14284 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:20:41.458Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14284"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77400000!RtlGetCurrentDirectory_U+0x000000000000016c.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-11T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14284"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14284",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77400000!RtlGetCurrentDirectory_U+0x000000000000016c.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14284",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14284"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14284",
"datePublished": "2017-09-11T18:00:00",
"dateReserved": "2017-09-11T00:00:00",
"dateUpdated": "2024-08-05T19:20:41.458Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15784 (GCVE-0-2017-15784)
Vulnerability from cvelistv5
Published
2017-10-22 17:00
Modified
2024-08-05 20:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to an "Illegal Instruction Violation starting at xnview+0x0000000000370074."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15784 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:04:50.379Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15784"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to an \"Illegal Instruction Violation starting at xnview+0x0000000000370074.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-22T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15784"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15784",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to an \"Illegal Instruction Violation starting at xnview+0x0000000000370074.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15784",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15784"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15784",
"datePublished": "2017-10-22T17:00:00",
"dateReserved": "2017-10-21T00:00:00",
"dateUpdated": "2024-08-05T20:04:50.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14276 (GCVE-0-2017-14276)
Vulnerability from cvelistv5
Published
2017-09-11 18:00
Modified
2024-08-05 19:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Possible Stack Corruption starting at jbig2dec+0x0000000000002fbe."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14276 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:20:41.323Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14276"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to \"Possible Stack Corruption starting at jbig2dec+0x0000000000002fbe.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-11T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14276"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14276",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to \"Possible Stack Corruption starting at jbig2dec+0x0000000000002fbe.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14276",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14276"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14276",
"datePublished": "2017-09-11T18:00:00",
"dateReserved": "2017-09-11T00:00:00",
"dateUpdated": "2024-08-05T19:20:41.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10766 (GCVE-0-2017-10766)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at GDI32!ScriptStringAnalyse+0x00000000000001c8."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10766 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:11.226Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10766"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at GDI32!ScriptStringAnalyse+0x00000000000001c8.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10766"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10766",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at GDI32!ScriptStringAnalyse+0x00000000000001c8.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10766",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10766"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10766",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-07-01T00:00:00",
"dateUpdated": "2024-08-05T17:50:11.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10752 (GCVE-0-2017-10752)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpLowFragHeapFree+0x000000000000001f."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10752 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:11.276Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10752"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpLowFragHeapFree+0x000000000000001f.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10752"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10752",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpLowFragHeapFree+0x000000000000001f.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10752",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10752"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10752",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-07-01T00:00:00",
"dateUpdated": "2024-08-05T17:50:11.276Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3941 (GCVE-0-2013-3941)
Vulnerability from cvelistv5
Published
2020-01-02 19:11
Modified
2024-08-06 16:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Buffer Overflow
Summary
Xjp2.dll in XnView before 2.13 allows remote attackers to execute arbitrary code via (1) the Csiz parameter in a SIZ marker, which triggers an incorrect memory allocation, or (2) the lqcd field in a QCD marker in a crafted JPEG2000 file, which leads to a heap-based buffer overflow.
References
| ▼ | URL | Tags |
|---|---|---|
| http://newsgroup.xnview.com/viewtopic.php?f=35&t=29087 | x_refsource_MISC | |
| http://secunia.com/advisories/52101 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:48.222Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=29087"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/advisories/52101"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "XnView",
"vendor": "XnView",
"versions": [
{
"status": "affected",
"version": "before 2.13"
}
]
}
],
"datePublic": "2013-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Xjp2.dll in XnView before 2.13 allows remote attackers to execute arbitrary code via (1) the Csiz parameter in a SIZ marker, which triggers an incorrect memory allocation, or (2) the lqcd field in a QCD marker in a crafted JPEG2000 file, which leads to a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-02T19:11:40",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=29087"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/advisories/52101"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3941",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "XnView",
"version": {
"version_data": [
{
"version_value": "before 2.13"
}
]
}
}
]
},
"vendor_name": "XnView"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Xjp2.dll in XnView before 2.13 allows remote attackers to execute arbitrary code via (1) the Csiz parameter in a SIZ marker, which triggers an incorrect memory allocation, or (2) the lqcd field in a QCD marker in a crafted JPEG2000 file, which leads to a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=29087",
"refsource": "MISC",
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=29087"
},
{
"name": "http://secunia.com/advisories/52101",
"refsource": "MISC",
"url": "http://secunia.com/advisories/52101"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2013-3941",
"datePublished": "2020-01-02T19:11:40",
"dateReserved": "2013-06-04T00:00:00",
"dateUpdated": "2024-08-06T16:30:48.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3937 (GCVE-0-2013-3937)
Vulnerability from cvelistv5
Published
2020-01-02 19:11
Modified
2024-08-06 16:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Buffer Overflow
Summary
Heap-based buffer overflow in xnview.exe in XnView before 2.13 allows remote attackers to execute arbitrary code via the biBitCount field in a BMP file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/52101 | third-party-advisory, x_refsource_SECUNIA | |
| http://newsgroup.xnview.com/viewtopic.php?f=35&t=29087 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:48.910Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "52101",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52101"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=29087"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "XnView",
"vendor": "XnView",
"versions": [
{
"status": "affected",
"version": "before 2.13"
}
]
}
],
"datePublic": "2013-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in xnview.exe in XnView before 2.13 allows remote attackers to execute arbitrary code via the biBitCount field in a BMP file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-02T19:11:47",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "52101",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52101"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=29087"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3937",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "XnView",
"version": {
"version_data": [
{
"version_value": "before 2.13"
}
]
}
}
]
},
"vendor_name": "XnView"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in xnview.exe in XnView before 2.13 allows remote attackers to execute arbitrary code via the biBitCount field in a BMP file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "52101",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52101"
},
{
"name": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=29087",
"refsource": "CONFIRM",
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=29087"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2013-3937",
"datePublished": "2020-01-02T19:11:47",
"dateReserved": "2013-06-04T00:00:00",
"dateUpdated": "2024-08-06T16:30:48.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3492 (GCVE-0-2013-3492)
Vulnerability from cvelistv5
Published
2020-01-27 14:24
Modified
2024-08-06 16:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- buffer overflow
Summary
XnView 2.03 has a stack-based buffer overflow vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/61503 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:55.806Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61503"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "XnView",
"vendor": "XnView",
"versions": [
{
"status": "affected",
"version": "2.03"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XnView 2.03 has a stack-based buffer overflow vulnerability"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-27T14:24:40",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/61503"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3492",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "XnView",
"version": {
"version_data": [
{
"version_value": "2.03"
}
]
}
}
]
},
"vendor_name": "XnView"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView 2.03 has a stack-based buffer overflow vulnerability"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securityfocus.com/bid/61503",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/61503"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2013-3492",
"datePublished": "2020-01-27T14:24:40",
"dateReserved": "2013-05-07T00:00:00",
"dateUpdated": "2024-08-06T16:14:55.806Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9910 (GCVE-0-2017-9910)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to an "Error Code (0xc000041d) starting at wow64!Wow64NotifyDebugger+0x000000000000001d."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9910 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:24:59.501Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9910"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to an \"Error Code (0xc000041d) starting at wow64!Wow64NotifyDebugger+0x000000000000001d.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9910"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9910",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to an \"Error Code (0xc000041d) starting at wow64!Wow64NotifyDebugger+0x000000000000001d.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9910",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9910"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9910",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-06-25T00:00:00",
"dateUpdated": "2024-08-05T17:24:59.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15777 (GCVE-0-2017-15777)
Vulnerability from cvelistv5
Published
2017-10-22 17:00
Modified
2024-08-05 20:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "User Mode Write AV near NULL starting at CADImage+0x0000000000288750."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15777 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:04:50.211Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15777"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a \"User Mode Write AV near NULL starting at CADImage+0x0000000000288750.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-22T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15777"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15777",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a \"User Mode Write AV near NULL starting at CADImage+0x0000000000288750.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15777",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15777"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15777",
"datePublished": "2017-10-22T17:00:00",
"dateReserved": "2017-10-21T00:00:00",
"dateUpdated": "2024-08-05T20:04:50.211Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15801 (GCVE-0-2017-15801)
Vulnerability from cvelistv5
Published
2017-10-22 19:00
Modified
2024-08-05 20:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77310000!LdrpResSearchResourceInsideDirectory+0x000000000000029e."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15801 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:04:50.291Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15801"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77310000!LdrpResSearchResourceInsideDirectory+0x000000000000029e.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-22T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15801"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15801",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77310000!LdrpResSearchResourceInsideDirectory+0x000000000000029e.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15801",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15801"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15801",
"datePublished": "2017-10-22T19:00:00",
"dateReserved": "2017-10-22T00:00:00",
"dateUpdated": "2024-08-05T20:04:50.291Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0282 (GCVE-0-2012-0282)
Vulnerability from cvelistv5
Published
2012-07-17 21:00
Modified
2024-08-06 18:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in XnView before 1.99 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ImageLeftPosition value in an ImageDescriptor structure in a GIF image.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/83086 | vdb-entry, x_refsource_OSVDB | |
| http://newsgroup.xnview.com/viewtopic.php?f=35&t=25858 | x_refsource_CONFIRM | |
| http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=51 | x_refsource_MISC | |
| http://secunia.com/advisories/48666 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.exploit-db.com/exploits/19335 | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:23:29.384Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "83086",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/83086"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=25858"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=51"
},
{
"name": "48666",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48666"
},
{
"name": "19335",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/19335"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-06-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in XnView before 1.99 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ImageLeftPosition value in an ImageDescriptor structure in a GIF image."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-07-25T09:00:00",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "83086",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/83086"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=25858"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=51"
},
{
"name": "48666",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48666"
},
{
"name": "19335",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/19335"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2012-0282",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in XnView before 1.99 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ImageLeftPosition value in an ImageDescriptor structure in a GIF image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "83086",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/83086"
},
{
"name": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=25858",
"refsource": "CONFIRM",
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=25858"
},
{
"name": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=51",
"refsource": "MISC",
"url": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=51"
},
{
"name": "48666",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48666"
},
{
"name": "19335",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/19335"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2012-0282",
"datePublished": "2012-07-17T21:00:00",
"dateReserved": "2011-12-30T00:00:00",
"dateUpdated": "2024-08-06T18:23:29.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15786 (GCVE-0-2017-15786)
Vulnerability from cvelistv5
Published
2017-10-22 17:00
Modified
2024-08-05 20:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a "Read Access Violation starting at CADImage+0x00000000001a78db."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15786 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:04:50.149Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15786"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a \"Read Access Violation starting at CADImage+0x00000000001a78db.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-22T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15786"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15786",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a \"Read Access Violation starting at CADImage+0x00000000001a78db.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15786",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15786"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15786",
"datePublished": "2017-10-22T17:00:00",
"dateReserved": "2017-10-21T00:00:00",
"dateUpdated": "2024-08-05T20:04:50.149Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10750 (GCVE-0-2017-10750)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV near NULL starting at ntdll_77df0000!RtlEnterCriticalSection+0x0000000000000012."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10750 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:11.245Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10750"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"User Mode Write AV near NULL starting at ntdll_77df0000!RtlEnterCriticalSection+0x0000000000000012.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10750"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10750",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"User Mode Write AV near NULL starting at ntdll_77df0000!RtlEnterCriticalSection+0x0000000000000012.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10750",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10750"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10750",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-07-01T00:00:00",
"dateUpdated": "2024-08-05T17:50:11.245Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13253 (GCVE-0-2019-13253)
Vulnerability from cvelistv5
Published
2019-07-04 15:06
Modified
2024-08-04 23:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000385474.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000385474.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:24.136Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000385474.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000385474."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-04T15:06:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000385474.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13253",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000385474."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000385474.md",
"refsource": "MISC",
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000385474.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13253",
"datePublished": "2019-07-04T15:06:06",
"dateReserved": "2019-07-04T00:00:00",
"dateUpdated": "2024-08-04T23:49:24.136Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10761 (GCVE-0-2017-10761)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpAllocateHeap+0x0000000000000429."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10761 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:11.276Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10761"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpAllocateHeap+0x0000000000000429.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10761"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10761",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpAllocateHeap+0x0000000000000429.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10761",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10761"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10761",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-07-01T00:00:00",
"dateUpdated": "2024-08-05T17:50:11.276Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15783 (GCVE-0-2017-15783)
Vulnerability from cvelistv5
Published
2017-10-22 17:00
Modified
2024-08-05 20:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to "Data from Faulting Address controls Branch Selection starting at CADImage+0x0000000000285ce1."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15783 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:04:50.234Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15783"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to \"Data from Faulting Address controls Branch Selection starting at CADImage+0x0000000000285ce1.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-22T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15783"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15783",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to \"Data from Faulting Address controls Branch Selection starting at CADImage+0x0000000000285ce1.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15783",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15783"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15783",
"datePublished": "2017-10-22T17:00:00",
"dateReserved": "2017-10-21T00:00:00",
"dateUpdated": "2024-08-05T20:04:50.234Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13256 (GCVE-0-2019-13256)
Vulnerability from cvelistv5
Published
2019-07-04 15:06
Modified
2024-08-04 23:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000032e849.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x000000000032e849.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:24.105Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x000000000032e849.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000032e849."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-04T15:06:28",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x000000000032e849.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13256",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000032e849."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x000000000032e849.md",
"refsource": "MISC",
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x000000000032e849.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13256",
"datePublished": "2019-07-04T15:06:28",
"dateReserved": "2019-07-04T00:00:00",
"dateUpdated": "2024-08-04T23:49:24.105Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13258 (GCVE-0-2019-13258)
Vulnerability from cvelistv5
Published
2019-07-04 15:06
Modified
2024-08-04 23:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000328165.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000328165.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:23.867Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000328165.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000328165."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-04T15:06:44",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000328165.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13258",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000328165."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000328165.md",
"refsource": "MISC",
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000328165.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13258",
"datePublished": "2019-07-04T15:06:44",
"dateReserved": "2019-07-04T00:00:00",
"dateUpdated": "2024-08-04T23:49:23.867Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10767 (GCVE-0-2017-10767)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at KERNELBASE!StateObjectListFind+0x0000000000000005."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10767 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:11.577Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10767"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at KERNELBASE!StateObjectListFind+0x0000000000000005.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10767"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10767",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at KERNELBASE!StateObjectListFind+0x0000000000000005.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10767",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10767"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10767",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-07-01T00:00:00",
"dateUpdated": "2024-08-05T17:50:11.577Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10744 (GCVE-0-2017-10744)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "Read Access Violation on Control Flow starting at COMCTL32!CToolTipsMgr::s_ToolTipsWndProc+0x0000000000000032."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10744 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:10.766Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10744"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"Read Access Violation on Control Flow starting at COMCTL32!CToolTipsMgr::s_ToolTipsWndProc+0x0000000000000032.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10744"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10744",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"Read Access Violation on Control Flow starting at COMCTL32!CToolTipsMgr::s_ToolTipsWndProc+0x0000000000000032.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10744",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10744"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10744",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-07-01T00:00:00",
"dateUpdated": "2024-08-05T17:50:10.766Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10774 (GCVE-0-2017-10774)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at KERNELBASE!FindSortHashNode+0x0000000000000040."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10774 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:11.841Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10774"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at KERNELBASE!FindSortHashNode+0x0000000000000040.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10774"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10774",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at KERNELBASE!FindSortHashNode+0x0000000000000040.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10774",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10774"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10774",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-07-01T00:00:00",
"dateUpdated": "2024-08-05T17:50:11.841Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28427 (GCVE-0-2021-28427)
Vulnerability from cvelistv5
Published
2023-08-11 00:00
Modified
2024-10-09 17:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer Overflow vulnerability in XNView version 2.49.3, allows local attackers to execute arbitrary code via crafted TIFF file.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:40:14.233Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=41035"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-28427",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-09T17:36:39.400554Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T17:36:50.445Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in XNView version 2.49.3, allows local attackers to execute arbitrary code via crafted TIFF file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:N/S:U/UI:R",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-11T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=41035"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-28427",
"datePublished": "2023-08-11T00:00:00",
"dateReserved": "2021-03-15T00:00:00",
"dateUpdated": "2024-10-09T17:36:50.445Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9901 (GCVE-0-2017-9901)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to "Data from Faulting Address controls subsequent Write Address starting at Xfpx!gffGetFormatInfo+0x000000000002bfd5."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9901 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:24:59.861Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9901"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to \"Data from Faulting Address controls subsequent Write Address starting at Xfpx!gffGetFormatInfo+0x000000000002bfd5.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9901"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9901",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to \"Data from Faulting Address controls subsequent Write Address starting at Xfpx!gffGetFormatInfo+0x000000000002bfd5.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9901",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9901"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9901",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-06-25T00:00:00",
"dateUpdated": "2024-08-05T17:24:59.861Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10780 (GCVE-0-2017-10780)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at xnview+0x0000000000372b4a."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10780 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:11.717Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10780"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at xnview+0x0000000000372b4a.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10780"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10780",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at xnview+0x0000000000372b4a.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10780",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10780"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10780",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-07-01T00:00:00",
"dateUpdated": "2024-08-05T17:50:11.717Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9914 (GCVE-0-2017-9914)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .bie file, related to a "Read Access Violation on Block Data Move starting at Xjbig+0x000000000000121b."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9914 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:24:59.617Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9914"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .bie file, related to a \"Read Access Violation on Block Data Move starting at Xjbig+0x000000000000121b.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9914"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9914",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .bie file, related to a \"Read Access Violation on Block Data Move starting at Xjbig+0x000000000000121b.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9914",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9914"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9914",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-06-25T00:00:00",
"dateUpdated": "2024-08-05T17:24:59.617Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14285 (GCVE-0-2017-14285)
Vulnerability from cvelistv5
Published
2017-09-11 18:00
Modified
2024-08-05 19:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77400000!RtlInterlockedPopEntrySList+0x000000000000039b."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14285 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:20:41.465Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14285"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77400000!RtlInterlockedPopEntrySList+0x000000000000039b.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-11T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14285"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14285",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77400000!RtlInterlockedPopEntrySList+0x000000000000039b.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14285",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14285"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14285",
"datePublished": "2017-09-11T18:00:00",
"dateReserved": "2017-09-11T00:00:00",
"dateUpdated": "2024-08-05T19:20:41.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9912 (GCVE-0-2017-9912)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpFreeHeap+0x0000000000000393."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9912 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:24:59.970Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9912"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpFreeHeap+0x0000000000000393.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9912"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9912",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpFreeHeap+0x0000000000000393.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9912",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9912"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9912",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-06-25T00:00:00",
"dateUpdated": "2024-08-05T17:24:59.970Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10760 (GCVE-0-2017-10760)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at COMCTL32!SetStatusText+0x0000000000000029."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10760 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:11.213Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10760"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at COMCTL32!SetStatusText+0x0000000000000029.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10760"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10760",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at COMCTL32!SetStatusText+0x0000000000000029.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10760",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10760"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10760",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-07-01T00:00:00",
"dateUpdated": "2024-08-05T17:50:11.213Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10742 (GCVE-0-2017-10742)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "Data Execution Prevention Violation starting at Unknown Symbol @ 0x00000000380a0500 called from ntdll_77df0000!LdrxCallInitRoutine+0x0000000000000016."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10742 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:11.266Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10742"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"Data Execution Prevention Violation starting at Unknown Symbol @ 0x00000000380a0500 called from ntdll_77df0000!LdrxCallInitRoutine+0x0000000000000016.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10742"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10742",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"Data Execution Prevention Violation starting at Unknown Symbol @ 0x00000000380a0500 called from ntdll_77df0000!LdrxCallInitRoutine+0x0000000000000016.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10742",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10742"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10742",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-07-01T00:00:00",
"dateUpdated": "2024-08-05T17:50:11.266Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10771 (GCVE-0-2017-10771)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpCreateSplitBlock+0x0000000000000510."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10771 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:11.621Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10771"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpCreateSplitBlock+0x0000000000000510.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10771"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10771",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpCreateSplitBlock+0x0000000000000510.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10771",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10771"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10771",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-07-01T00:00:00",
"dateUpdated": "2024-08-05T17:50:11.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10751 (GCVE-0-2017-10751)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at GDI32!GenericEngineGetGlyphs+0x0000000000000133."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10751 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:11.208Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10751"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at GDI32!GenericEngineGetGlyphs+0x0000000000000133.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10751"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10751",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at GDI32!GenericEngineGetGlyphs+0x0000000000000133.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10751",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10751"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10751",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-07-01T00:00:00",
"dateUpdated": "2024-08-05T17:50:11.208Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1461 (GCVE-0-2008-1461)
Vulnerability from cvelistv5
Published
2008-03-24 18:00
Modified
2024-08-07 08:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in XnView 1.92.1 allows user-assisted remote attackers to execute arbitrary code via a long filename argument on the command line. NOTE: it is unclear whether there are common handler configurations in which this argument is controlled by an attacker.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.click-internet.fr/index.php?cki=News&news=9 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/28259 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/489658/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://securityreason.com/securityalert/3761 | third-party-advisory, x_refsource_SREASON | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41245 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:24:41.772Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.click-internet.fr/index.php?cki=News\u0026news=9"
},
{
"name": "28259",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28259"
},
{
"name": "20080315 XNview 1.92.1 Long Filename Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489658/100/0/threaded"
},
{
"name": "3761",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3761"
},
{
"name": "xnview-filename-bo(41245)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41245"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in XnView 1.92.1 allows user-assisted remote attackers to execute arbitrary code via a long filename argument on the command line. NOTE: it is unclear whether there are common handler configurations in which this argument is controlled by an attacker."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.click-internet.fr/index.php?cki=News\u0026news=9"
},
{
"name": "28259",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28259"
},
{
"name": "20080315 XNview 1.92.1 Long Filename Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489658/100/0/threaded"
},
{
"name": "3761",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3761"
},
{
"name": "xnview-filename-bo(41245)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41245"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1461",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in XnView 1.92.1 allows user-assisted remote attackers to execute arbitrary code via a long filename argument on the command line. NOTE: it is unclear whether there are common handler configurations in which this argument is controlled by an attacker."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.click-internet.fr/index.php?cki=News\u0026news=9",
"refsource": "MISC",
"url": "http://www.click-internet.fr/index.php?cki=News\u0026news=9"
},
{
"name": "28259",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28259"
},
{
"name": "20080315 XNview 1.92.1 Long Filename Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489658/100/0/threaded"
},
{
"name": "3761",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3761"
},
{
"name": "xnview-filename-bo(41245)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41245"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1461",
"datePublished": "2008-03-24T18:00:00",
"dateReserved": "2008-03-24T00:00:00",
"dateUpdated": "2024-08-07T08:24:41.772Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15781 (GCVE-0-2017-15781)
Vulnerability from cvelistv5
Published
2017-10-22 17:00
Modified
2024-08-05 20:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "Read Access Violation on Control Flow starting at CADImage+0x0000000000286a76."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15781 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:04:50.266Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15781"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a \"Read Access Violation on Control Flow starting at CADImage+0x0000000000286a76.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-22T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15781"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15781",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a \"Read Access Violation on Control Flow starting at CADImage+0x0000000000286a76.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15781",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15781"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15781",
"datePublished": "2017-10-22T17:00:00",
"dateReserved": "2017-10-21T00:00:00",
"dateUpdated": "2024-08-05T20:04:50.266Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17262 (GCVE-0-2019-17262)
Vulnerability from cvelistv5
Published
2019-10-08 11:16
Modified
2024-08-05 01:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0000000000001fc0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.xnview.com/en/xnview/#changelog | x_refsource_MISC | |
| https://github.com/linhlhq/research/blob/master/README.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:33:17.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.xnview.com/en/xnview/#changelog"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/linhlhq/research/blob/master/README.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0000000000001fc0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-08T11:16:26",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.xnview.com/en/xnview/#changelog"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/linhlhq/research/blob/master/README.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17262",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0000000000001fc0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.xnview.com/en/xnview/#changelog",
"refsource": "MISC",
"url": "https://www.xnview.com/en/xnview/#changelog"
},
{
"name": "https://github.com/linhlhq/research/blob/master/README.md",
"refsource": "MISC",
"url": "https://github.com/linhlhq/research/blob/master/README.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-17262",
"datePublished": "2019-10-08T11:16:26",
"dateReserved": "2019-10-06T00:00:00",
"dateUpdated": "2024-08-05T01:33:17.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8781 (GCVE-0-2017-8781)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 16:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 allows user-assisted remote attackers to execute code via a crafted JPEG 2000 file that is mishandled during the opening of a directory in "Browser" mode, because of a "Stack Buffer Overrun" issue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8781 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:48:21.702Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8781"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows user-assisted remote attackers to execute code via a crafted JPEG 2000 file that is mishandled during the opening of a directory in \"Browser\" mode, because of a \"Stack Buffer Overrun\" issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8781"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8781",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows user-assisted remote attackers to execute code via a crafted JPEG 2000 file that is mishandled during the opening of a directory in \"Browser\" mode, because of a \"Stack Buffer Overrun\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8781",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8781"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-8781",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-05-04T00:00:00",
"dateUpdated": "2024-08-05T16:48:21.702Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4988 (GCVE-0-2012-4988)
Vulnerability from cvelistv5
Published
2014-07-09 14:00
Modified
2024-08-06 20:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in the xjpegls.dll (aka JLS, JPEG-LS, or JPEG lossless) format plugin in XnView 1.99 and 1.99.1 allows remote attackers to execute arbitrary code via a crafted JLS image file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/fulldisclosure/2012/Oct/36 | mailing-list, x_refsource_FULLDISC | |
| http://www.reactionpenetrationtesting.co.uk/xnview-jls-heap.html | x_refsource_MISC | |
| https://www.exploit-db.com/exploits/21741/ | exploit, x_refsource_EXPLOIT-DB | |
| http://secunia.com/advisories/50825 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/79030 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/show/osvdb/85893 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/55787 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:50:18.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20121003 XnView JLS File Decompression Heap Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2012/Oct/36"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.reactionpenetrationtesting.co.uk/xnview-jls-heap.html"
},
{
"name": "21741",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/21741/"
},
{
"name": "50825",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50825"
},
{
"name": "xnview-jpegls-bo(79030)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79030"
},
{
"name": "85893",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/show/osvdb/85893"
},
{
"name": "55787",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55787"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-10-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the xjpegls.dll (aka JLS, JPEG-LS, or JPEG lossless) format plugin in XnView 1.99 and 1.99.1 allows remote attackers to execute arbitrary code via a crafted JLS image file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-04T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20121003 XnView JLS File Decompression Heap Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2012/Oct/36"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.reactionpenetrationtesting.co.uk/xnview-jls-heap.html"
},
{
"name": "21741",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/21741/"
},
{
"name": "50825",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50825"
},
{
"name": "xnview-jpegls-bo(79030)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79030"
},
{
"name": "85893",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/show/osvdb/85893"
},
{
"name": "55787",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55787"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4988",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the xjpegls.dll (aka JLS, JPEG-LS, or JPEG lossless) format plugin in XnView 1.99 and 1.99.1 allows remote attackers to execute arbitrary code via a crafted JLS image file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20121003 XnView JLS File Decompression Heap Overflow",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2012/Oct/36"
},
{
"name": "http://www.reactionpenetrationtesting.co.uk/xnview-jls-heap.html",
"refsource": "MISC",
"url": "http://www.reactionpenetrationtesting.co.uk/xnview-jls-heap.html"
},
{
"name": "21741",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/21741/"
},
{
"name": "50825",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50825"
},
{
"name": "xnview-jpegls-bo(79030)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79030"
},
{
"name": "85893",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/85893"
},
{
"name": "55787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55787"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-4988",
"datePublished": "2014-07-09T14:00:00",
"dateReserved": "2012-09-19T00:00:00",
"dateUpdated": "2024-08-06T20:50:18.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10765 (GCVE-0-2017-10765)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at IMM32!ImmLockImeDpi+0x0000000000000050."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10765 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:11.657Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10765"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at IMM32!ImmLockImeDpi+0x0000000000000050.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10765"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10765",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at IMM32!ImmLockImeDpi+0x0000000000000050.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10765",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10765"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10765",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-07-01T00:00:00",
"dateUpdated": "2024-08-05T17:50:11.657Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15789 (GCVE-0-2017-15789)
Vulnerability from cvelistv5
Published
2017-10-22 17:00
Modified
2024-08-05 20:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "User Mode Write AV starting at CADImage+0x00000000000048e7."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15789 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:04:50.300Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15789"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a \"User Mode Write AV starting at CADImage+0x00000000000048e7.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-22T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15789"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15789",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a \"User Mode Write AV starting at CADImage+0x00000000000048e7.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15789",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15789"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15789",
"datePublished": "2017-10-22T17:00:00",
"dateReserved": "2017-10-21T00:00:00",
"dateUpdated": "2024-08-05T20:04:50.300Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1932 (GCVE-0-2010-1932)
Vulnerability from cvelistv5
Published
2010-06-16 20:00
Modified
2024-08-07 02:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in XnView 1.97.4 and possibly earlier allows remote attackers to execute arbitrary code via a MultiBitMap (MBM) file with a Paint Data Section that contains a malformed Encoding field.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/59421 | vdb-entry, x_refsource_XF | |
| http://www.coresecurity.com/content/XnView-MBM-Processing-Heap-Overflow | x_refsource_MISC | |
| http://www.vupen.com/english/advisories/2010/1468 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/40141 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/40852 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id?1024100 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:17:13.122Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "xnview-mbm-bo(59421)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59421"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.coresecurity.com/content/XnView-MBM-Processing-Heap-Overflow"
},
{
"name": "ADV-2010-1468",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1468"
},
{
"name": "40141",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40141"
},
{
"name": "40852",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/40852"
},
{
"name": "1024100",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1024100"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-06-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in XnView 1.97.4 and possibly earlier allows remote attackers to execute arbitrary code via a MultiBitMap (MBM) file with a Paint Data Section that contains a malformed Encoding field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "xnview-mbm-bo(59421)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59421"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.coresecurity.com/content/XnView-MBM-Processing-Heap-Overflow"
},
{
"name": "ADV-2010-1468",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1468"
},
{
"name": "40141",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40141"
},
{
"name": "40852",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/40852"
},
{
"name": "1024100",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1024100"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1932",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in XnView 1.97.4 and possibly earlier allows remote attackers to execute arbitrary code via a MultiBitMap (MBM) file with a Paint Data Section that contains a malformed Encoding field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "xnview-mbm-bo(59421)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59421"
},
{
"name": "http://www.coresecurity.com/content/XnView-MBM-Processing-Heap-Overflow",
"refsource": "MISC",
"url": "http://www.coresecurity.com/content/XnView-MBM-Processing-Heap-Overflow"
},
{
"name": "ADV-2010-1468",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1468"
},
{
"name": "40141",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40141"
},
{
"name": "40852",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40852"
},
{
"name": "1024100",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024100"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1932",
"datePublished": "2010-06-16T20:00:00",
"dateReserved": "2010-05-11T00:00:00",
"dateUpdated": "2024-08-07T02:17:13.122Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15787 (GCVE-0-2017-15787)
Vulnerability from cvelistv5
Published
2017-10-22 17:00
Modified
2024-08-05 20:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "Data Execution Prevention Violation starting at xnview+0x0000000000580063."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15787 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:04:50.286Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15787"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a \"Data Execution Prevention Violation starting at xnview+0x0000000000580063.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-22T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15787"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15787",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a \"Data Execution Prevention Violation starting at xnview+0x0000000000580063.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15787",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15787"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15787",
"datePublished": "2017-10-22T17:00:00",
"dateReserved": "2017-10-21T00:00:00",
"dateUpdated": "2024-08-05T20:04:50.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10745 (GCVE-0-2017-10745)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "Stack Buffer Overrun (/GS Exception) starting at ntdll_77df0000!RtlProcessFlsData+0x00000000000000b0."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10745 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:11.213Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10745"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"Stack Buffer Overrun (/GS Exception) starting at ntdll_77df0000!RtlProcessFlsData+0x00000000000000b0.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10745"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10745",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"Stack Buffer Overrun (/GS Exception) starting at ntdll_77df0000!RtlProcessFlsData+0x00000000000000b0.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10745",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10745"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10745",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-07-01T00:00:00",
"dateUpdated": "2024-08-05T17:50:11.213Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10782 (GCVE-0-2017-10782)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpFreeHeap+0x00000000000003ca."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10782 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:11.657Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10782"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpFreeHeap+0x00000000000003ca.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10782"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10782",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpFreeHeap+0x00000000000003ca.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10782",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10782"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10782",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-07-01T00:00:00",
"dateUpdated": "2024-08-05T17:50:11.657Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10740 (GCVE-0-2017-10740)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV starting at ntdll_77df0000!RtlRbInsertNodeEx+0x000000000000002d."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10740 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:11.279Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10740"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"User Mode Write AV starting at ntdll_77df0000!RtlRbInsertNodeEx+0x000000000000002d.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10740"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10740",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"User Mode Write AV starting at ntdll_77df0000!RtlRbInsertNodeEx+0x000000000000002d.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10740",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10740"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10740",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-07-01T00:00:00",
"dateUpdated": "2024-08-05T17:50:11.279Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3938 (GCVE-0-2013-3938)
Vulnerability from cvelistv5
Published
2014-03-18 14:00
Modified
2024-08-06 16:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in xnview.exe in XnView 2.13 allows remote attackers to execute arbitrary code via a large NUM_ELEMENTS field in an IFD_ENTRY structure in a JXR file, which triggers a heap-based buffer overflow.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/56172 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/66187 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:48.182Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "56172",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/56172"
},
{
"name": "66187",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/66187"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in xnview.exe in XnView 2.13 allows remote attackers to execute arbitrary code via a large NUM_ELEMENTS field in an IFD_ENTRY structure in a JXR file, which triggers a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-03-18T11:57:00",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "56172",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/56172"
},
{
"name": "66187",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/66187"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3938",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in xnview.exe in XnView 2.13 allows remote attackers to execute arbitrary code via a large NUM_ELEMENTS field in an IFD_ENTRY structure in a JXR file, which triggers a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "56172",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56172"
},
{
"name": "66187",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66187"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2013-3938",
"datePublished": "2014-03-18T14:00:00",
"dateReserved": "2013-06-04T00:00:00",
"dateUpdated": "2024-08-06T16:30:48.182Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13084 (GCVE-0-2019-13084)
Vulnerability from cvelistv5
Published
2019-06-30 15:45
Modified
2024-08-04 23:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000026b739.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x26b739.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:41:10.342Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x26b739.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000026b739."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-30T15:45:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x26b739.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13084",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000026b739."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x26b739.md",
"refsource": "MISC",
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x26b739.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13084",
"datePublished": "2019-06-30T15:45:02",
"dateReserved": "2019-06-30T00:00:00",
"dateUpdated": "2024-08-04T23:41:10.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10755 (GCVE-0-2017-10755)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpInitializeThread+0x000000000000010b."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10755 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:11.214Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10755"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpInitializeThread+0x000000000000010b.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10755"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10755",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpInitializeThread+0x000000000000010b.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10755",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10755"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10755",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-07-01T00:00:00",
"dateUpdated": "2024-08-05T17:50:11.214Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10763 (GCVE-0-2017-10763)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpFindLoadedDllByHandle+0x0000000000000031."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10763 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:11.260Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10763"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpFindLoadedDllByHandle+0x0000000000000031.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10763"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10763",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpFindLoadedDllByHandle+0x0000000000000031.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10763",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10763"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10763",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-07-01T00:00:00",
"dateUpdated": "2024-08-05T17:50:11.260Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9905 (GCVE-0-2017-9905)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address controls Branch Selection starting at Xfpx!gffGetFormatInfo+0x00000000000228e8."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9905 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:24:59.716Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9905"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to \"Data from Faulting Address controls Branch Selection starting at Xfpx!gffGetFormatInfo+0x00000000000228e8.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9905"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9905",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to \"Data from Faulting Address controls Branch Selection starting at Xfpx!gffGetFormatInfo+0x00000000000228e8.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9905",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9905"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9905",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-06-25T00:00:00",
"dateUpdated": "2024-08-05T17:24:59.716Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17261 (GCVE-0-2019-17261)
Vulnerability from cvelistv5
Published
2019-10-08 11:16
Modified
2024-08-05 01:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0000000000001e51.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.xnview.com/en/xnview/#changelog | x_refsource_MISC | |
| https://github.com/linhlhq/research/blob/master/README.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:33:17.367Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.xnview.com/en/xnview/#changelog"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/linhlhq/research/blob/master/README.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0000000000001e51."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-08T11:16:04",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.xnview.com/en/xnview/#changelog"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/linhlhq/research/blob/master/README.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17261",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0000000000001e51."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.xnview.com/en/xnview/#changelog",
"refsource": "MISC",
"url": "https://www.xnview.com/en/xnview/#changelog"
},
{
"name": "https://github.com/linhlhq/research/blob/master/README.md",
"refsource": "MISC",
"url": "https://github.com/linhlhq/research/blob/master/README.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-17261",
"datePublished": "2019-10-08T11:16:04",
"dateReserved": "2019-10-06T00:00:00",
"dateUpdated": "2024-08-05T01:33:17.367Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14280 (GCVE-0-2017-14280)
Vulnerability from cvelistv5
Published
2017-09-11 18:00
Modified
2024-08-05 19:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at jbig2dec+0x000000000000571d."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14280 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:20:41.478Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14280"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to \"Data from Faulting Address controls Branch Selection starting at jbig2dec+0x000000000000571d.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-11T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14280"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14280",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to \"Data from Faulting Address controls Branch Selection starting at jbig2dec+0x000000000000571d.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14280",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14280"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14280",
"datePublished": "2017-09-11T18:00:00",
"dateReserved": "2017-09-11T00:00:00",
"dateUpdated": "2024-08-05T19:20:41.478Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14580 (GCVE-0-2017-14580)
Vulnerability from cvelistv5
Published
2017-09-18 17:00
Modified
2024-08-05 19:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.41 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at jbig2dec+0x000000000000870f."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14580 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:34:38.178Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14580"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.41 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a \"User Mode Write AV starting at jbig2dec+0x000000000000870f.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14580"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14580",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.41 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a \"User Mode Write AV starting at jbig2dec+0x000000000000870f.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14580",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14580"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14580",
"datePublished": "2017-09-18T17:00:00",
"dateReserved": "2017-09-18T00:00:00",
"dateUpdated": "2024-08-05T19:34:38.178Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0276 (GCVE-0-2012-0276)
Vulnerability from cvelistv5
Published
2012-07-17 21:00
Modified
2024-08-06 18:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple heap-based buffer overflows in XnView before 1.99 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a (1) SGI32LogLum compressed TIFF image or (2) SGI32LogLum compressed TIFF image with the PhotometricInterpretation encoding set to LogL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=49 | x_refsource_MISC | |
| http://newsgroup.xnview.com/viewtopic.php?f=35&t=25858 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/48666 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.exploit-db.com/exploits/19338 | exploit, x_refsource_EXPLOIT-DB | |
| http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=48 | x_refsource_MISC | |
| http://www.exploit-db.com/exploits/19337 | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:23:29.319Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=49"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=25858"
},
{
"name": "48666",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48666"
},
{
"name": "19338",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/19338"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=48"
},
{
"name": "19337",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/19337"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-06-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple heap-based buffer overflows in XnView before 1.99 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a (1) SGI32LogLum compressed TIFF image or (2) SGI32LogLum compressed TIFF image with the PhotometricInterpretation encoding set to LogL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-07-25T09:00:00",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=49"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=25858"
},
{
"name": "48666",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48666"
},
{
"name": "19338",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/19338"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=48"
},
{
"name": "19337",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/19337"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2012-0276",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple heap-based buffer overflows in XnView before 1.99 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a (1) SGI32LogLum compressed TIFF image or (2) SGI32LogLum compressed TIFF image with the PhotometricInterpretation encoding set to LogL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=49",
"refsource": "MISC",
"url": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=49"
},
{
"name": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=25858",
"refsource": "CONFIRM",
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=25858"
},
{
"name": "48666",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48666"
},
{
"name": "19338",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/19338"
},
{
"name": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=48",
"refsource": "MISC",
"url": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=48"
},
{
"name": "19337",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/19337"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2012-0276",
"datePublished": "2012-07-17T21:00:00",
"dateReserved": "2011-12-30T00:00:00",
"dateUpdated": "2024-08-06T18:23:29.319Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14273 (GCVE-0-2017-14273)
Vulnerability from cvelistv5
Published
2017-09-11 18:00
Modified
2024-08-05 19:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at ntdll_77400000!RtlInterlockedPopEntrySList+0x00000000000003b0."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14273 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:20:41.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14273"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a \"User Mode Write AV starting at ntdll_77400000!RtlInterlockedPopEntrySList+0x00000000000003b0.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-11T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14273"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14273",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a \"User Mode Write AV starting at ntdll_77400000!RtlInterlockedPopEntrySList+0x00000000000003b0.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14273",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14273"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14273",
"datePublished": "2017-09-11T18:00:00",
"dateReserved": "2017-09-11T00:00:00",
"dateUpdated": "2024-08-05T19:20:41.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9895 (GCVE-0-2017-9895)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a "Read Access Violation on Control Flow starting at Xfpx!gffGetFormatInfo+0x0000000000020e95."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9895 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:24:59.429Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9895"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a \"Read Access Violation on Control Flow starting at Xfpx!gffGetFormatInfo+0x0000000000020e95.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9895"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9895",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a \"Read Access Violation on Control Flow starting at Xfpx!gffGetFormatInfo+0x0000000000020e95.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9895",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9895"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9895",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-06-25T00:00:00",
"dateUpdated": "2024-08-05T17:24:59.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15773 (GCVE-0-2017-15773)
Vulnerability from cvelistv5
Published
2017-10-22 17:00
Modified
2024-08-05 20:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a "Read Access Violation starting at CADImage+0x0000000000285d79."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15773 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:04:49.923Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15773"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a \"Read Access Violation starting at CADImage+0x0000000000285d79.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-22T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15773"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15773",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a \"Read Access Violation starting at CADImage+0x0000000000285d79.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15773",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15773"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15773",
"datePublished": "2017-10-22T17:00:00",
"dateReserved": "2017-10-21T00:00:00",
"dateUpdated": "2024-08-05T20:04:49.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10749 (GCVE-0-2017-10749)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10749 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:10.756Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10749"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10749"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10749",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10749",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10749"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10749",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-07-01T00:00:00",
"dateUpdated": "2024-08-05T17:50:10.756Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10746 (GCVE-0-2017-10746)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV starting at ntdll_77df0000!RtlEnterCriticalSection+0x0000000000000012."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10746 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:11.193Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10746"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"User Mode Write AV starting at ntdll_77df0000!RtlEnterCriticalSection+0x0000000000000012.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10746"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10746",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"User Mode Write AV starting at ntdll_77df0000!RtlEnterCriticalSection+0x0000000000000012.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10746",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10746"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10746",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-07-01T00:00:00",
"dateUpdated": "2024-08-05T17:50:11.193Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10776 (GCVE-0-2017-10776)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to a "Read Access Violation starting at ntdll_77df0000!LdrShutdownProcess+0x0000000000000130."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10776 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:11.916Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10776"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to a \"Read Access Violation starting at ntdll_77df0000!LdrShutdownProcess+0x0000000000000130.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10776"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10776",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to a \"Read Access Violation starting at ntdll_77df0000!LdrShutdownProcess+0x0000000000000130.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10776",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10776"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10776",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-07-01T00:00:00",
"dateUpdated": "2024-08-05T17:50:11.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3493 (GCVE-0-2013-3493)
Vulnerability from cvelistv5
Published
2020-01-27 14:26
Modified
2024-08-06 16:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- integer overflow
Summary
XnView 2.03 has an integer overflow vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/61505 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61505"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "XnView",
"vendor": "XnView",
"versions": [
{
"status": "affected",
"version": "2.03"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XnView 2.03 has an integer overflow vulnerability"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "integer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-27T14:26:46",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/61505"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3493",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "XnView",
"version": {
"version_data": [
{
"version_value": "2.03"
}
]
}
}
]
},
"vendor_name": "XnView"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView 2.03 has an integer overflow vulnerability"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "integer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securityfocus.com/bid/61505",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/61505"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2013-3493",
"datePublished": "2020-01-27T14:26:46",
"dateReserved": "2013-05-07T00:00:00",
"dateUpdated": "2024-08-06T16:14:56.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14538 (GCVE-0-2017-14538)
Vulnerability from cvelistv5
Published
2017-09-18 17:00
Modified
2024-08-05 19:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at jbig2dec+0x0000000000008823."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14538 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:27:40.889Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14538"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to \"Data from Faulting Address controls subsequent Write Address starting at jbig2dec+0x0000000000008823.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14538"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14538",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to \"Data from Faulting Address controls subsequent Write Address starting at jbig2dec+0x0000000000008823.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14538",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14538"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14538",
"datePublished": "2017-09-18T17:00:00",
"dateReserved": "2017-09-18T00:00:00",
"dateUpdated": "2024-08-05T19:27:40.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13262 (GCVE-0-2019-13262)
Vulnerability from cvelistv5
Published
2019-07-04 15:07
Modified
2024-08-04 23:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x00000000003283eb.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x00000000003283eb.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:23.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x00000000003283eb.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x00000000003283eb."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-04T15:07:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x00000000003283eb.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13262",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x00000000003283eb."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x00000000003283eb.md",
"refsource": "MISC",
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x00000000003283eb.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13262",
"datePublished": "2019-07-04T15:07:13",
"dateReserved": "2019-07-04T00:00:00",
"dateUpdated": "2024-08-04T23:49:23.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-4001 (GCVE-0-2009-4001)
Vulnerability from cvelistv5
Published
2010-03-12 20:00
Modified
2024-08-07 06:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in XnView before 1.97.2 might allow remote attackers to execute arbitrary code via a DICOM image with crafted dimensions, leading to a heap-based buffer overflow.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/secunia_research/2009-60/ | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/509999/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/56802 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/38629 | vdb-entry, x_refsource_BID | |
| http://newsgroup.xnview.com/viewtopic.php?f=35&t=19469 | x_refsource_CONFIRM | |
| http://www.osvdb.org/62829 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:45:50.924Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2009-60/"
},
{
"name": "20100310 Secunia Research: XnView DICOM Parsing Integer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/509999/100/0/threaded"
},
{
"name": "xnview-dicom-bo(56802)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56802"
},
{
"name": "38629",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38629"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=19469"
},
{
"name": "62829",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/62829"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-03-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in XnView before 1.97.2 might allow remote attackers to execute arbitrary code via a DICOM image with crafted dimensions, leading to a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2009-60/"
},
{
"name": "20100310 Secunia Research: XnView DICOM Parsing Integer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/509999/100/0/threaded"
},
{
"name": "xnview-dicom-bo(56802)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56802"
},
{
"name": "38629",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38629"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=19469"
},
{
"name": "62829",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/62829"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2009-4001",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in XnView before 1.97.2 might allow remote attackers to execute arbitrary code via a DICOM image with crafted dimensions, leading to a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://secunia.com/secunia_research/2009-60/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2009-60/"
},
{
"name": "20100310 Secunia Research: XnView DICOM Parsing Integer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/509999/100/0/threaded"
},
{
"name": "xnview-dicom-bo(56802)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56802"
},
{
"name": "38629",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38629"
},
{
"name": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=19469",
"refsource": "CONFIRM",
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=19469"
},
{
"name": "62829",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/62829"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2009-4001",
"datePublished": "2010-03-12T20:00:00",
"dateReserved": "2009-11-19T00:00:00",
"dateUpdated": "2024-08-07T06:45:50.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10748 (GCVE-0-2017-10748)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV starting at xnview+0x000000000022bf8d."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10748 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:11.264Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10748"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"User Mode Write AV starting at xnview+0x000000000022bf8d.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10748"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10748",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"User Mode Write AV starting at xnview+0x000000000022bf8d.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10748",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10748"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10748",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-07-01T00:00:00",
"dateUpdated": "2024-08-05T17:50:11.264Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10757 (GCVE-0-2017-10757)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpCoalesceFreeBlocks+0x00000000000001b6."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10757 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:11.171Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10757"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpCoalesceFreeBlocks+0x00000000000001b6.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10757"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10757",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpCoalesceFreeBlocks+0x00000000000001b6.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10757",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10757"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10757",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-07-01T00:00:00",
"dateUpdated": "2024-08-05T17:50:11.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9893 (GCVE-0-2017-9893)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a "User Mode Write AV starting at Xfpx!gffGetFormatInfo+0x0000000000012548."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9893 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:24:59.805Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9893"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a \"User Mode Write AV starting at Xfpx!gffGetFormatInfo+0x0000000000012548.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9893"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9893",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a \"User Mode Write AV starting at Xfpx!gffGetFormatInfo+0x0000000000012548.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9893",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9893"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9893",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-06-25T00:00:00",
"dateUpdated": "2024-08-05T17:24:59.805Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3247 (GCVE-0-2013-3247)
Vulnerability from cvelistv5
Published
2020-01-02 19:38
Modified
2024-08-06 16:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Buffer Overflow
Summary
Heap-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted RLE compressed layer in an XCF file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.fuzzmyapp.com/advisories/FMA-2013-003/FMA-2013-003-EN.xml | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/84642 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:00:10.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.fuzzmyapp.com/advisories/FMA-2013-003/FMA-2013-003-EN.xml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84642"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "XnView",
"vendor": "XnView",
"versions": [
{
"status": "affected",
"version": "before 2.03"
}
]
}
],
"datePublic": "2013-06-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted RLE compressed layer in an XCF file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-02T19:38:36",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.fuzzmyapp.com/advisories/FMA-2013-003/FMA-2013-003-EN.xml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84642"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3247",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "XnView",
"version": {
"version_data": [
{
"version_value": "before 2.03"
}
]
}
}
]
},
"vendor_name": "XnView"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted RLE compressed layer in an XCF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.fuzzmyapp.com/advisories/FMA-2013-003/FMA-2013-003-EN.xml",
"refsource": "MISC",
"url": "http://www.fuzzmyapp.com/advisories/FMA-2013-003/FMA-2013-003-EN.xml"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84642",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84642"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2013-3247",
"datePublished": "2020-01-02T19:38:36",
"dateReserved": "2013-04-22T00:00:00",
"dateUpdated": "2024-08-06T16:00:10.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15785 (GCVE-0-2017-15785)
Vulnerability from cvelistv5
Published
2017-10-22 17:00
Modified
2024-08-05 20:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "Data Execution Prevention Violation near NULL starting at Unknown Symbol @ 0x0000000000000000 called from CADImage+0x0000000000286a79."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15785 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:04:50.319Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15785"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a \"Data Execution Prevention Violation near NULL starting at Unknown Symbol @ 0x0000000000000000 called from CADImage+0x0000000000286a79.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-22T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15785"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15785",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a \"Data Execution Prevention Violation near NULL starting at Unknown Symbol @ 0x0000000000000000 called from CADImage+0x0000000000286a79.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15785",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15785"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15785",
"datePublished": "2017-10-22T17:00:00",
"dateReserved": "2017-10-21T00:00:00",
"dateUpdated": "2024-08-05T20:04:50.319Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9902 (GCVE-0-2017-9902)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to "Data from Faulting Address controls Code Flow starting at Xfpx!gffGetFormatInfo+0x0000000000020e91."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9902 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:24:59.664Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9902"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to \"Data from Faulting Address controls Code Flow starting at Xfpx!gffGetFormatInfo+0x0000000000020e91.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9902"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9902",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to \"Data from Faulting Address controls Code Flow starting at Xfpx!gffGetFormatInfo+0x0000000000020e91.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9902",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9902"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9902",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-06-25T00:00:00",
"dateUpdated": "2024-08-05T17:24:59.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10759 (GCVE-0-2017-10759)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpInsertDependencyRecord+0x0000000000000039."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10759 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:11.173Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10759"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpInsertDependencyRecord+0x0000000000000039.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10759"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10759",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpInsertDependencyRecord+0x0000000000000039.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10759",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10759"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10759",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-07-01T00:00:00",
"dateUpdated": "2024-08-05T17:50:11.173Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3939 (GCVE-0-2013-3939)
Vulnerability from cvelistv5
Published
2020-01-02 19:11
Modified
2024-08-06 16:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Other
Summary
xnview.exe in XnView before 2.13 does not properly handle RLE strip lengths during processing of RGB files, which allows remote attackers to execute arbitrary code via the RLE strip size field in a RGB file, which leads to an unexpected sign extension error and a heap-based buffer overflow.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/52101 | third-party-advisory, x_refsource_SECUNIA | |
| http://newsgroup.xnview.com/viewtopic.php?f=35&t=29087 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:48.182Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "52101",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52101"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=29087"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "XnView",
"vendor": "XnView",
"versions": [
{
"status": "affected",
"version": "before 2.13"
}
]
}
],
"datePublic": "2013-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "xnview.exe in XnView before 2.13 does not properly handle RLE strip lengths during processing of RGB files, which allows remote attackers to execute arbitrary code via the RLE strip size field in a RGB file, which leads to an unexpected sign extension error and a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-02T19:11:43",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "52101",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52101"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=29087"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3939",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "XnView",
"version": {
"version_data": [
{
"version_value": "before 2.13"
}
]
}
}
]
},
"vendor_name": "XnView"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "xnview.exe in XnView before 2.13 does not properly handle RLE strip lengths during processing of RGB files, which allows remote attackers to execute arbitrary code via the RLE strip size field in a RGB file, which leads to an unexpected sign extension error and a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "52101",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52101"
},
{
"name": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=29087",
"refsource": "CONFIRM",
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=29087"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2013-3939",
"datePublished": "2020-01-02T19:11:43",
"dateReserved": "2013-06-04T00:00:00",
"dateUpdated": "2024-08-06T16:30:48.182Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9896 (GCVE-0-2017-9896)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a "Read Access Violation on Control Flow starting at Xfpx!gffGetFormatInfo+0x0000000000013e8a."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9896 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:25:00.483Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9896"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a \"Read Access Violation on Control Flow starting at Xfpx!gffGetFormatInfo+0x0000000000013e8a.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9896"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9896",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a \"Read Access Violation on Control Flow starting at Xfpx!gffGetFormatInfo+0x0000000000013e8a.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9896",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9896"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9896",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-06-25T00:00:00",
"dateUpdated": "2024-08-05T17:25:00.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9909 (GCVE-0-2017-9909)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlAddAccessAllowedAce+0x000000000000027a."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9909 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:24:59.497Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9909"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlAddAccessAllowedAce+0x000000000000027a.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9909"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9909",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlAddAccessAllowedAce+0x000000000000027a.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9909",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9909"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9909",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-06-25T00:00:00",
"dateUpdated": "2024-08-05T17:24:59.497Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10743 (GCVE-0-2017-10743)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "Stack Buffer Overrun (/GS Exception) starting at ntdll_77df0000!LdrpInitializeNode+0x000000000000015b."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10743 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:11.243Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10743"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"Stack Buffer Overrun (/GS Exception) starting at ntdll_77df0000!LdrpInitializeNode+0x000000000000015b.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10743"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10743",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"Stack Buffer Overrun (/GS Exception) starting at ntdll_77df0000!LdrpInitializeNode+0x000000000000015b.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10743",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10743"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10743",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-07-01T00:00:00",
"dateUpdated": "2024-08-05T17:50:11.243Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10775 (GCVE-0-2017-10775)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to a "Read Access Violation starting at GDI32!ScriptGetCMapWithSurrogate+0x00000000000001cb."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10775 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:11.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10775"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to a \"Read Access Violation starting at GDI32!ScriptGetCMapWithSurrogate+0x00000000000001cb.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10775"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10775",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to a \"Read Access Violation starting at GDI32!ScriptGetCMapWithSurrogate+0x00000000000001cb.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10775",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10775"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10775",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-07-01T00:00:00",
"dateUpdated": "2024-08-05T17:50:11.675Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10738 (GCVE-0-2017-10738)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "Data Execution Prevention Violation starting at Unknown Symbol @ 0x000000002f32332f called from KERNELBASE!CompareStringW+0x0000000000000082."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10738 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:10.779Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10738"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"Data Execution Prevention Violation starting at Unknown Symbol @ 0x000000002f32332f called from KERNELBASE!CompareStringW+0x0000000000000082.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10738"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10738",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"Data Execution Prevention Violation starting at Unknown Symbol @ 0x000000002f32332f called from KERNELBASE!CompareStringW+0x0000000000000082.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10738",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10738"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10738",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-07-01T00:00:00",
"dateUpdated": "2024-08-05T17:50:10.779Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10779 (GCVE-0-2017-10779)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at xnview+0x0000000000013a20."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10779 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:11.680Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10779"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at xnview+0x0000000000013a20.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10779"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10779",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at xnview+0x0000000000013a20.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10779",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10779"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10779",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-07-01T00:00:00",
"dateUpdated": "2024-08-05T17:50:11.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10758 (GCVE-0-2017-10758)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpCoalesceFreeBlocks+0x00000000000004b4."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10758 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:11.224Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10758"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpCoalesceFreeBlocks+0x00000000000004b4.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10758"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10758",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpCoalesceFreeBlocks+0x00000000000004b4.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10758",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10758"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10758",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-07-01T00:00:00",
"dateUpdated": "2024-08-05T17:50:11.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13261 (GCVE-0-2019-13261)
Vulnerability from cvelistv5
Published
2019-07-04 15:07
Modified
2024-08-04 23:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000328384.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000328384.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:24.421Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000328384.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000328384."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-04T15:07:05",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000328384.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13261",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000328384."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000328384.md",
"refsource": "MISC",
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000328384.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13261",
"datePublished": "2019-07-04T15:07:05",
"dateReserved": "2019-07-04T00:00:00",
"dateUpdated": "2024-08-04T23:49:24.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10781 (GCVE-0-2017-10781)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpFindLoadedDllByName+0x00000000000000a5."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10781 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:11.567Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10781"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpFindLoadedDllByName+0x00000000000000a5.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10781"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10781",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpFindLoadedDllByName+0x00000000000000a5.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10781",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10781"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10781",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-07-01T00:00:00",
"dateUpdated": "2024-08-05T17:50:11.567Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10778 (GCVE-0-2017-10778)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at xnview+0x0000000000233125."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10778 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:11.679Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10778"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at xnview+0x0000000000233125.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10778"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10778",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at xnview+0x0000000000233125.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10778",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10778"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10778",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-07-01T00:00:00",
"dateUpdated": "2024-08-05T17:50:11.679Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13255 (GCVE-0-2019-13255)
Vulnerability from cvelistv5
Published
2019-07-04 15:06
Modified
2024-08-04 23:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000327464.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000327464.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:23.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000327464.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000327464."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-04T15:06:21",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000327464.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13255",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000327464."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000327464.md",
"refsource": "MISC",
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000327464.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13255",
"datePublished": "2019-07-04T15:06:21",
"dateReserved": "2019-07-04T00:00:00",
"dateUpdated": "2024-08-04T23:49:23.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0684 (GCVE-0-2012-0684)
Vulnerability from cvelistv5
Published
2012-05-09 10:00
Modified
2024-09-16 20:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in XnViewer (aka XnView) before 1.98.5 allows remote attackers to execute arbitrary code via a crafted file containing PSD record types, a different vulnerability than CVE-2012-0685.
References
| ▼ | URL | Tags |
|---|---|---|
| http://technet.microsoft.com/en-us/security/msvr/msvr12-001 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:30:53.815Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://technet.microsoft.com/en-us/security/msvr/msvr12-001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in XnViewer (aka XnView) before 1.98.5 allows remote attackers to execute arbitrary code via a crafted file containing PSD record types, a different vulnerability than CVE-2012-0685."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-05-09T10:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://technet.microsoft.com/en-us/security/msvr/msvr12-001"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0684",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in XnViewer (aka XnView) before 1.98.5 allows remote attackers to execute arbitrary code via a crafted file containing PSD record types, a different vulnerability than CVE-2012-0685."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://technet.microsoft.com/en-us/security/msvr/msvr12-001",
"refsource": "MISC",
"url": "http://technet.microsoft.com/en-us/security/msvr/msvr12-001"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-0684",
"datePublished": "2012-05-09T10:00:00Z",
"dateReserved": "2012-01-12T00:00:00Z",
"dateUpdated": "2024-09-16T20:03:08.556Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8282 (GCVE-0-2017-8282)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 16:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 allows user-assisted remote attackers to execute code via a crafted .mov file that is mishandled during the opening of a directory in "Browser" mode, because of a "User Mode Write AV near NULL" in XnView.exe.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8282 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:34:22.459Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8282"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows user-assisted remote attackers to execute code via a crafted .mov file that is mishandled during the opening of a directory in \"Browser\" mode, because of a \"User Mode Write AV near NULL\" in XnView.exe."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8282"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8282",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows user-assisted remote attackers to execute code via a crafted .mov file that is mishandled during the opening of a directory in \"Browser\" mode, because of a \"User Mode Write AV near NULL\" in XnView.exe."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8282",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8282"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-8282",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-04-25T00:00:00",
"dateUpdated": "2024-08-05T16:34:22.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9900 (GCVE-0-2017-9900)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to "Data from Faulting Address controls Code Flow starting at Xfpx!gffGetFormatInfo+0x000000000002e385."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9900 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:24:59.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9900"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to \"Data from Faulting Address controls Code Flow starting at Xfpx!gffGetFormatInfo+0x000000000002e385.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9900"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9900",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to \"Data from Faulting Address controls Code Flow starting at Xfpx!gffGetFormatInfo+0x000000000002e385.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9900",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9900"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9900",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-06-25T00:00:00",
"dateUpdated": "2024-08-05T17:24:59.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10768 (GCVE-0-2017-10768)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpInsertFreeBlock+0x00000000000001ca."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10768 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:11.565Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10768"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpInsertFreeBlock+0x00000000000001ca.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10768"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10768",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpInsertFreeBlock+0x00000000000001ca.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10768",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10768"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10768",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-07-01T00:00:00",
"dateUpdated": "2024-08-05T17:50:11.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9911 (GCVE-0-2017-9911)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at Xfpx+0x0000000000010e81."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9911 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:24:59.867Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9911"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to \"Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at Xfpx+0x0000000000010e81.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9911"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9911",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to \"Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at Xfpx+0x0000000000010e81.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9911",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9911"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9911",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-06-25T00:00:00",
"dateUpdated": "2024-08-05T17:24:59.867Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-15175 (GCVE-0-2018-15175)
Vulnerability from cvelistv5
Published
2018-08-08 00:00
Modified
2024-09-17 03:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView 2.45 allows remote attackers to cause a denial of service (User Mode Write AV starting at Qt5Core!QVariant::~QVariant+0x0000000000000014 and application crash) or possibly have unspecified other impact via a crafted RLE file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://code610.blogspot.com/2018/08/updating-xnview.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:46:25.423Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code610.blogspot.com/2018/08/updating-xnview.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XnView 2.45 allows remote attackers to cause a denial of service (User Mode Write AV starting at Qt5Core!QVariant::~QVariant+0x0000000000000014 and application crash) or possibly have unspecified other impact via a crafted RLE file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-08T00:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code610.blogspot.com/2018/08/updating-xnview.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15175",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView 2.45 allows remote attackers to cause a denial of service (User Mode Write AV starting at Qt5Core!QVariant::~QVariant+0x0000000000000014 and application crash) or possibly have unspecified other impact via a crafted RLE file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://code610.blogspot.com/2018/08/updating-xnview.html",
"refsource": "MISC",
"url": "http://code610.blogspot.com/2018/08/updating-xnview.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-15175",
"datePublished": "2018-08-08T00:00:00Z",
"dateReserved": "2018-08-07T00:00:00Z",
"dateUpdated": "2024-09-17T03:38:27.321Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3246 (GCVE-0-2013-3246)
Vulnerability from cvelistv5
Published
2020-01-02 19:38
Modified
2024-08-06 16:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Buffer Overflow
Summary
Stack-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted image layer in an XCF file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.fuzzmyapp.com/advisories/FMA-2013-003/FMA-2013-003-EN.xml | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/84643 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:00:10.106Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.fuzzmyapp.com/advisories/FMA-2013-003/FMA-2013-003-EN.xml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84643"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "XnView",
"vendor": "XnView",
"versions": [
{
"status": "affected",
"version": "before 2.03"
}
]
}
],
"datePublic": "2013-06-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted image layer in an XCF file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-02T19:38:44",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.fuzzmyapp.com/advisories/FMA-2013-003/FMA-2013-003-EN.xml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84643"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3246",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "XnView",
"version": {
"version_data": [
{
"version_value": "before 2.03"
}
]
}
}
]
},
"vendor_name": "XnView"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted image layer in an XCF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.fuzzmyapp.com/advisories/FMA-2013-003/FMA-2013-003-EN.xml",
"refsource": "MISC",
"url": "http://www.fuzzmyapp.com/advisories/FMA-2013-003/FMA-2013-003-EN.xml"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84643",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84643"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2013-3246",
"datePublished": "2020-01-02T19:38:44",
"dateReserved": "2013-04-22T00:00:00",
"dateUpdated": "2024-08-06T16:00:10.106Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10764 (GCVE-0-2017-10764)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at COMCTL32!Tab_OnGetItem+0x000000000000002f."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10764 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:11.656Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10764"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at COMCTL32!Tab_OnGetItem+0x000000000000002f.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10764"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10764",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at COMCTL32!Tab_OnGetItem+0x000000000000002f.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10764",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10764"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10764",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-07-01T00:00:00",
"dateUpdated": "2024-08-05T17:50:11.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14275 (GCVE-0-2017-14275)
Vulnerability from cvelistv5
Published
2017-09-11 18:00
Modified
2024-08-05 19:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14275 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:20:41.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14275"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a \"User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-11T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14275"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14275",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a \"User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14275",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14275"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14275",
"datePublished": "2017-09-11T18:00:00",
"dateReserved": "2017-09-11T00:00:00",
"dateUpdated": "2024-08-05T19:20:41.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9904 (GCVE-0-2017-9904)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpLowFragHeapFree+0x000000000000001f."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9904 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:24:59.461Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9904"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpLowFragHeapFree+0x000000000000001f.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9904"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9904",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpLowFragHeapFree+0x000000000000001f.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9904",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9904"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9904",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-06-25T00:00:00",
"dateUpdated": "2024-08-05T17:24:59.461Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14281 (GCVE-0-2017-14281)
Vulnerability from cvelistv5
Published
2017-09-11 18:00
Modified
2024-08-05 19:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at jbig2dec+0x00000000000090f1."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14281 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:20:41.282Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14281"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to \"Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at jbig2dec+0x00000000000090f1.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-11T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14281"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14281",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to \"Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at jbig2dec+0x00000000000090f1.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14281",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14281"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14281",
"datePublished": "2017-09-11T18:00:00",
"dateReserved": "2017-09-11T00:00:00",
"dateUpdated": "2024-08-05T19:20:41.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13259 (GCVE-0-2019-13259)
Vulnerability from cvelistv5
Published
2019-07-04 15:06
Modified
2024-08-04 23:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000032e566.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x000000000032e566.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:24.115Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x000000000032e566.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000032e566."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-04T15:06:51",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x000000000032e566.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13259",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000032e566."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x000000000032e566.md",
"refsource": "MISC",
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x000000000032e566.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13259",
"datePublished": "2019-07-04T15:06:51",
"dateReserved": "2019-07-04T00:00:00",
"dateUpdated": "2024-08-04T23:49:24.115Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10737 (GCVE-0-2017-10737)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV starting at ntdll_77df0000!RtlpCoalesceFreeBlocks+0x00000000000002e6."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10737 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:10.751Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10737"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"User Mode Write AV starting at ntdll_77df0000!RtlpCoalesceFreeBlocks+0x00000000000002e6.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10737"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10737",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"User Mode Write AV starting at ntdll_77df0000!RtlpCoalesceFreeBlocks+0x00000000000002e6.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10737",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10737"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10737",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-07-01T00:00:00",
"dateUpdated": "2024-08-05T17:50:10.751Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10773 (GCVE-0-2017-10773)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at MSCTF!_CtfImeCreateThreadMgr+0x00000000000000a8."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10773 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:11.827Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10773"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at MSCTF!_CtfImeCreateThreadMgr+0x00000000000000a8.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10773"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10773",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at MSCTF!_CtfImeCreateThreadMgr+0x00000000000000a8.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10773",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10773"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10773",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-07-01T00:00:00",
"dateUpdated": "2024-08-05T17:50:11.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15774 (GCVE-0-2017-15774)
Vulnerability from cvelistv5
Published
2017-10-22 17:00
Modified
2024-08-05 20:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to "Data from Faulting Address controls Code Flow starting at CADImage+0x0000000000221a9a."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15774 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:04:50.356Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15774"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to \"Data from Faulting Address controls Code Flow starting at CADImage+0x0000000000221a9a.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-22T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15774"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15774",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to \"Data from Faulting Address controls Code Flow starting at CADImage+0x0000000000221a9a.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15774",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15774"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15774",
"datePublished": "2017-10-22T17:00:00",
"dateReserved": "2017-10-21T00:00:00",
"dateUpdated": "2024-08-05T20:04:50.356Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10770 (GCVE-0-2017-10770)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpCreateSplitBlock+0x000000000000053a."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10770 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:11.255Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10770"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpCreateSplitBlock+0x000000000000053a.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10770"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10770",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpCreateSplitBlock+0x000000000000053a.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10770",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10770"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10770",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-07-01T00:00:00",
"dateUpdated": "2024-08-05T17:50:11.255Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10777 (GCVE-0-2017-10777)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at xnview+0x0000000000372b24."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10777 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:11.752Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10777"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at xnview+0x0000000000372b24.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10777"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10777",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at xnview+0x0000000000372b24.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10777",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10777"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10777",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-07-01T00:00:00",
"dateUpdated": "2024-08-05T17:50:11.752Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14274 (GCVE-0-2017-14274)
Vulnerability from cvelistv5
Published
2017-09-11 18:00
Modified
2024-08-05 19:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at jbig2dec+0x0000000000008706."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14274 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:20:41.314Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14274"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to \"Data from Faulting Address controls subsequent Write Address starting at jbig2dec+0x0000000000008706.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-11T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14274"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14274",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to \"Data from Faulting Address controls subsequent Write Address starting at jbig2dec+0x0000000000008706.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14274",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14274"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14274",
"datePublished": "2017-09-11T18:00:00",
"dateReserved": "2017-09-11T00:00:00",
"dateUpdated": "2024-08-05T19:20:41.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10772 (GCVE-0-2017-10772)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!memcmp+0x0000000000000018" (with RPC initialization).
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10772 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:11.689Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10772"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!memcmp+0x0000000000000018\" (with RPC initialization)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10772"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10772",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!memcmp+0x0000000000000018\" (with RPC initialization)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10772",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10772"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10772",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-07-01T00:00:00",
"dateUpdated": "2024-08-05T17:50:11.689Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13254 (GCVE-0-2019-13254)
Vulnerability from cvelistv5
Published
2019-07-04 15:06
Modified
2024-08-04 23:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000032e808.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x000000000032e808.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:24.299Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x000000000032e808.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000032e808."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-04T15:06:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x000000000032e808.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13254",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000032e808."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x000000000032e808.md",
"refsource": "MISC",
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x000000000032e808.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13254",
"datePublished": "2019-07-04T15:06:13",
"dateReserved": "2019-07-04T00:00:00",
"dateUpdated": "2024-08-04T23:49:24.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13257 (GCVE-0-2019-13257)
Vulnerability from cvelistv5
Published
2019-07-04 15:06
Modified
2024-08-04 23:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x00000000003273aa.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x00000000003273aa.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:23.922Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x00000000003273aa.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x00000000003273aa."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-04T15:06:35",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x00000000003273aa.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13257",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x00000000003273aa."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x00000000003273aa.md",
"refsource": "MISC",
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x00000000003273aa.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13257",
"datePublished": "2019-07-04T15:06:35",
"dateReserved": "2019-07-04T00:00:00",
"dateUpdated": "2024-08-04T23:49:23.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10736 (GCVE-0-2017-10736)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV starting at msvcrt!_VEC_memzero+0x000000000000006a."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10736 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:41:55.600Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10736"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"User Mode Write AV starting at msvcrt!_VEC_memzero+0x000000000000006a.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10736"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10736",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"User Mode Write AV starting at msvcrt!_VEC_memzero+0x000000000000006a.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10736",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10736"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10736",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-07-01T00:00:00",
"dateUpdated": "2024-08-05T17:41:55.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14277 (GCVE-0-2017-14277)
Vulnerability from cvelistv5
Published
2017-09-11 18:00
Modified
2024-08-05 19:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at jbig2dec+0x0000000000005956."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14277 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:20:41.395Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14277"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a \"Read Access Violation starting at jbig2dec+0x0000000000005956.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-11T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14277"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14277",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a \"Read Access Violation starting at jbig2dec+0x0000000000005956.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14277",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14277"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14277",
"datePublished": "2017-09-11T18:00:00",
"dateReserved": "2017-09-11T00:00:00",
"dateUpdated": "2024-08-05T19:20:41.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-1051 (GCVE-0-2012-1051)
Vulnerability from cvelistv5
Published
2012-02-13 19:00
Modified
2024-08-06 18:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in Xjp2.dll in the JPEG2000 plug-in in XnView 1.98.5 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/73040 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/78904 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/47352 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/51896 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:45:27.188Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "xnview-qcd-bo(73040)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73040"
},
{
"name": "78904",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/78904"
},
{
"name": "47352",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47352"
},
{
"name": "51896",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51896"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Xjp2.dll in the JPEG2000 plug-in in XnView 1.98.5 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "xnview-qcd-bo(73040)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73040"
},
{
"name": "78904",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/78904"
},
{
"name": "47352",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47352"
},
{
"name": "51896",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51896"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1051",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Xjp2.dll in the JPEG2000 plug-in in XnView 1.98.5 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "xnview-qcd-bo(73040)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73040"
},
{
"name": "78904",
"refsource": "OSVDB",
"url": "http://osvdb.org/78904"
},
{
"name": "47352",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47352"
},
{
"name": "51896",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51896"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-1051",
"datePublished": "2012-02-13T19:00:00",
"dateReserved": "2012-02-13T00:00:00",
"dateUpdated": "2024-08-06T18:45:27.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8381 (GCVE-0-2017-8381)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 16:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 allows user-assisted remote attackers to execute code via a crafted .mkv file that is mishandled during the opening of a directory in "Browser" mode, because of a "User Mode Write AV near NULL" in XnView.exe.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8381 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:34:22.690Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8381"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows user-assisted remote attackers to execute code via a crafted .mkv file that is mishandled during the opening of a directory in \"Browser\" mode, because of a \"User Mode Write AV near NULL\" in XnView.exe."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8381"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8381",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows user-assisted remote attackers to execute code via a crafted .mkv file that is mishandled during the opening of a directory in \"Browser\" mode, because of a \"User Mode Write AV near NULL\" in XnView.exe."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8381",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8381"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-8381",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-05-01T00:00:00",
"dateUpdated": "2024-08-05T16:34:22.690Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10747 (GCVE-0-2017-10747)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV starting at xnview+0x000000000037a8aa."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10747 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:11.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10747"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"User Mode Write AV starting at xnview+0x000000000037a8aa.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10747"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10747",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"User Mode Write AV starting at xnview+0x000000000037a8aa.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10747",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10747"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10747",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-07-01T00:00:00",
"dateUpdated": "2024-08-05T17:50:11.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46587 (GCVE-0-2023-46587)
Vulnerability from cvelistv5
Published
2023-10-27 00:00
Modified
2024-09-12 20:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer Overflow vulnerability in XnView Classic v.2.51.5 allows a local attacker to execute arbitrary code via a crafted TIF file.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:45:42.301Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/nasroabd/vulns/tree/main/XnView/2.51.5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46587",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T13:58:22.875751Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T20:09:18.753Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in XnView Classic v.2.51.5 allows a local attacker to execute arbitrary code via a crafted TIF file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-27T22:57:42.463562",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/nasroabd/vulns/tree/main/XnView/2.51.5"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-46587",
"datePublished": "2023-10-27T00:00:00",
"dateReserved": "2023-10-23T00:00:00",
"dateUpdated": "2024-09-12T20:09:18.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10783 (GCVE-0-2017-10783)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpFreeHeap+0x0000000000000393."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10783 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:11.708Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10783"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpFreeHeap+0x0000000000000393.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10783"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10783",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpFreeHeap+0x0000000000000393.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10783",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10783"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10783",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-07-01T00:00:00",
"dateUpdated": "2024-08-05T17:50:11.708Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9898 (GCVE-0-2017-9898)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a "User Mode Write AV starting at Xfpx+0x0000000000004cbb."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9898 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:25:00.341Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9898"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a \"User Mode Write AV starting at Xfpx+0x0000000000004cbb.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9898"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9898",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a \"User Mode Write AV starting at Xfpx+0x0000000000004cbb.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9898",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9898"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9898",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-06-25T00:00:00",
"dateUpdated": "2024-08-05T17:25:00.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10756 (GCVE-0-2017-10756)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpRemoveUCRBlock+0x0000000000000046."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10756 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:11.201Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10756"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpRemoveUCRBlock+0x0000000000000046.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10756"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10756",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpRemoveUCRBlock+0x0000000000000046.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10756",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10756"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10756",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-07-01T00:00:00",
"dateUpdated": "2024-08-05T17:50:11.201Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14282 (GCVE-0-2017-14282)
Vulnerability from cvelistv5
Published
2017-09-11 18:00
Modified
2024-08-05 19:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at jbig2dec+0x0000000000005862."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14282 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:20:41.464Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14282"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a \"Read Access Violation starting at jbig2dec+0x0000000000005862.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-11T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14282"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14282",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a \"Read Access Violation starting at jbig2dec+0x0000000000005862.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14282",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14282"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14282",
"datePublished": "2017-09-11T18:00:00",
"dateReserved": "2017-09-11T00:00:00",
"dateUpdated": "2024-08-05T19:20:41.464Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15780 (GCVE-0-2017-15780)
Vulnerability from cvelistv5
Published
2017-10-22 17:00
Modified
2024-08-05 20:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a "Read Access Violation starting at CADImage+0x0000000000285dad."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15780 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:04:50.287Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15780"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a \"Read Access Violation starting at CADImage+0x0000000000285dad.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-22T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15780"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15780",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a \"Read Access Violation starting at CADImage+0x0000000000285dad.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15780",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15780"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15780",
"datePublished": "2017-10-22T17:00:00",
"dateReserved": "2017-10-21T00:00:00",
"dateUpdated": "2024-08-05T20:04:50.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0685 (GCVE-0-2012-0685)
Vulnerability from cvelistv5
Published
2012-05-09 10:00
Modified
2024-09-17 01:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in XnViewer (aka XnView) before 1.98.5 allows remote attackers to execute arbitrary code via a crafted file containing PSD record types, a different vulnerability than CVE-2012-0684.
References
| ▼ | URL | Tags |
|---|---|---|
| http://technet.microsoft.com/en-us/security/msvr/msvr12-001 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:30:53.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://technet.microsoft.com/en-us/security/msvr/msvr12-001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in XnViewer (aka XnView) before 1.98.5 allows remote attackers to execute arbitrary code via a crafted file containing PSD record types, a different vulnerability than CVE-2012-0684."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-05-09T10:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://technet.microsoft.com/en-us/security/msvr/msvr12-001"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0685",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in XnViewer (aka XnView) before 1.98.5 allows remote attackers to execute arbitrary code via a crafted file containing PSD record types, a different vulnerability than CVE-2012-0684."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://technet.microsoft.com/en-us/security/msvr/msvr12-001",
"refsource": "MISC",
"url": "http://technet.microsoft.com/en-us/security/msvr/msvr12-001"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-0685",
"datePublished": "2012-05-09T10:00:00Z",
"dateReserved": "2012-01-12T00:00:00Z",
"dateUpdated": "2024-09-17T01:51:11.709Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9906 (GCVE-0-2017-9906)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at Xfpx!gffGetFormatInfo+0x0000000000028508."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9906 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:24:59.714Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9906"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to \"Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at Xfpx!gffGetFormatInfo+0x0000000000028508.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9906"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9906",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to \"Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at Xfpx!gffGetFormatInfo+0x0000000000028508.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9906",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9906"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9906",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-06-25T00:00:00",
"dateUpdated": "2024-08-05T17:24:59.714Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9903 (GCVE-0-2017-9903)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to "Data from Faulting Address controls Code Flow starting at Xfpx+0x00000000000117ff."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9903 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:24:59.338Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9903"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to \"Data from Faulting Address controls Code Flow starting at Xfpx+0x00000000000117ff.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9903"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9903",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to \"Data from Faulting Address controls Code Flow starting at Xfpx+0x00000000000117ff.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9903",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9903"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9903",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-06-25T00:00:00",
"dateUpdated": "2024-08-05T17:24:59.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15779 (GCVE-0-2017-15779)
Vulnerability from cvelistv5
Published
2017-10-22 17:00
Modified
2024-08-05 20:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to "Data from Faulting Address controls subsequent Write Address starting at CADImage+0x00000000000034b0."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15779 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:04:49.921Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15779"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to \"Data from Faulting Address controls subsequent Write Address starting at CADImage+0x00000000000034b0.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-22T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15779"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15779",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to \"Data from Faulting Address controls subsequent Write Address starting at CADImage+0x00000000000034b0.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15779",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15779"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15779",
"datePublished": "2017-10-22T17:00:00",
"dateReserved": "2017-10-21T00:00:00",
"dateUpdated": "2024-08-05T20:04:49.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-15174 (GCVE-0-2018-15174)
Vulnerability from cvelistv5
Published
2018-08-08 00:00
Modified
2024-09-17 00:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView 2.45 allows remote attackers to cause a denial of service (Read Access Violation at the Instruction Pointer and application crash) or possibly have unspecified other impact via a crafted ICO file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://code610.blogspot.com/2018/08/updating-xnview.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:46:25.479Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code610.blogspot.com/2018/08/updating-xnview.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XnView 2.45 allows remote attackers to cause a denial of service (Read Access Violation at the Instruction Pointer and application crash) or possibly have unspecified other impact via a crafted ICO file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-08T00:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code610.blogspot.com/2018/08/updating-xnview.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15174",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView 2.45 allows remote attackers to cause a denial of service (Read Access Violation at the Instruction Pointer and application crash) or possibly have unspecified other impact via a crafted ICO file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://code610.blogspot.com/2018/08/updating-xnview.html",
"refsource": "MISC",
"url": "http://code610.blogspot.com/2018/08/updating-xnview.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-15174",
"datePublished": "2018-08-08T00:00:00Z",
"dateReserved": "2018-08-07T00:00:00Z",
"dateUpdated": "2024-09-17T00:21:16.679Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9899 (GCVE-0-2017-9899)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to "Data from Faulting Address controls Code Flow starting at Xfpx!gffGetFormatInfo+0x000000000002e388."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9899 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:25:00.149Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9899"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to \"Data from Faulting Address controls Code Flow starting at Xfpx!gffGetFormatInfo+0x000000000002e388.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9899"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9899",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to \"Data from Faulting Address controls Code Flow starting at Xfpx!gffGetFormatInfo+0x000000000002e388.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9899",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9899"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9899",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-06-25T00:00:00",
"dateUpdated": "2024-08-05T17:25:00.149Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15772 (GCVE-0-2017-15772)
Vulnerability from cvelistv5
Published
2017-10-22 17:00
Modified
2024-08-05 20:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to "Data from Faulting Address may be used as a return value starting at CADImage+0x0000000000285e9d."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15772 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:04:50.356Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15772"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to \"Data from Faulting Address may be used as a return value starting at CADImage+0x0000000000285e9d.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-22T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15772"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15772",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to \"Data from Faulting Address may be used as a return value starting at CADImage+0x0000000000285e9d.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15772",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15772"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15772",
"datePublished": "2017-10-22T17:00:00",
"dateReserved": "2017-10-21T00:00:00",
"dateUpdated": "2024-08-05T20:04:50.356Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10769 (GCVE-0-2017-10769)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!memcmp+0x0000000000000018" (without RPC initialization).
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10769 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:11.628Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10769"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!memcmp+0x0000000000000018\" (without RPC initialization)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10769"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10769",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!memcmp+0x0000000000000018\" (without RPC initialization)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10769",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10769"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10769",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-07-01T00:00:00",
"dateUpdated": "2024-08-05T17:50:11.628Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13260 (GCVE-0-2019-13260)
Vulnerability from cvelistv5
Published
2019-07-04 15:06
Modified
2024-08-04 23:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000327a07.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000327a07.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:24.152Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000327a07.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000327a07."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-04T15:06:59",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000327a07.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13260",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000327a07."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000327a07.md",
"refsource": "MISC",
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000327a07.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13260",
"datePublished": "2019-07-04T15:06:59",
"dateReserved": "2019-07-04T00:00:00",
"dateUpdated": "2024-08-04T23:49:24.152Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15802 (GCVE-0-2017-15802)
Vulnerability from cvelistv5
Published
2017-10-22 19:00
Modified
2024-08-05 20:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77310000!LdrpResCompareResourceNames+0x0000000000000087."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15802 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:04:50.316Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15802"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77310000!LdrpResCompareResourceNames+0x0000000000000087.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-22T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15802"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15802",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77310000!LdrpResCompareResourceNames+0x0000000000000087.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15802",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15802"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15802",
"datePublished": "2017-10-22T19:00:00",
"dateReserved": "2017-10-22T00:00:00",
"dateUpdated": "2024-08-05T20:04:50.316Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11950 (GCVE-0-2024-11950)
Vulnerability from cvelistv5
Published
2024-12-11 21:54
Modified
2024-12-12 15:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-191 - Integer Underflow (Wrap or Wraparound)
Summary
XnSoft XnView Classic RWZ File Parsing Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of XnSoft XnView Classic. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of RWZ files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22913.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-24-1640/ | x_research-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| XnSoft | XnView Classic |
Version: 2.51.5 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11950",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-12T15:31:57.325557Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-12T15:47:33.176Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "XnView Classic",
"vendor": "XnSoft",
"versions": [
{
"status": "affected",
"version": "2.51.5"
}
]
}
],
"dateAssigned": "2024-11-27T17:40:42.496-06:00",
"datePublic": "2024-12-02T13:52:02.065-06:00",
"descriptions": [
{
"lang": "en",
"value": "XnSoft XnView Classic RWZ File Parsing Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of XnSoft XnView Classic. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\n\nThe specific flaw exists within the parsing of RWZ files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22913."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "CWE-191: Integer Underflow (Wrap or Wraparound)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-11T21:54:29.280Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1640",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1640/"
}
],
"source": {
"lang": "en",
"value": "Im Junhyuk, Jeong Soeun, Im Seongmin, Lee Jinhyeok, Hyun Chae-eul, Lee Hyungyu"
},
"title": "XnSoft XnView Classic RWZ File Parsing Integer Underflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-11950",
"datePublished": "2024-12-11T21:54:29.280Z",
"dateReserved": "2024-11-27T23:40:42.459Z",
"dateUpdated": "2024-12-12T15:47:33.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2577 (GCVE-0-2013-2577)
Vulnerability from cvelistv5
Published
2013-08-09 21:00
Modified
2024-08-06 15:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in XnView before 2.04 allows remote attackers to execute arbitrary code via a crafted PCT file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://newsgroup.xnview.com/viewtopic.php?f=35&t=28400 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/85919 | vdb-entry, x_refsource_XF | |
| http://www.coresecurity.com/advisories/xnview-buffer-overflow-vulnerability | x_refsource_MISC | |
| http://www.securitytracker.com/id/1028817 | vdb-entry, x_refsource_SECTRACK | |
| http://www.exploit-db.com/exploits/27049 | exploit, x_refsource_EXPLOIT-DB | |
| http://osvdb.org/95580 | vdb-entry, x_refsource_OSVDB | |
| http://archives.neohapsis.com/archives/bugtraq/2013-07/0153.html | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/54174 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:32.301Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=28400"
},
{
"name": "xnview-pctfile-bo(85919)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85919"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.coresecurity.com/advisories/xnview-buffer-overflow-vulnerability"
},
{
"name": "1028817",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1028817"
},
{
"name": "27049",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/27049"
},
{
"name": "95580",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/95580"
},
{
"name": "20130722 CORE-2013-0705 - XnView Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0153.html"
},
{
"name": "54174",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54174"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-07-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in XnView before 2.04 allows remote attackers to execute arbitrary code via a crafted PCT file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=28400"
},
{
"name": "xnview-pctfile-bo(85919)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85919"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.coresecurity.com/advisories/xnview-buffer-overflow-vulnerability"
},
{
"name": "1028817",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1028817"
},
{
"name": "27049",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/27049"
},
{
"name": "95580",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/95580"
},
{
"name": "20130722 CORE-2013-0705 - XnView Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0153.html"
},
{
"name": "54174",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54174"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2577",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in XnView before 2.04 allows remote attackers to execute arbitrary code via a crafted PCT file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=28400",
"refsource": "CONFIRM",
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=28400"
},
{
"name": "xnview-pctfile-bo(85919)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85919"
},
{
"name": "http://www.coresecurity.com/advisories/xnview-buffer-overflow-vulnerability",
"refsource": "MISC",
"url": "http://www.coresecurity.com/advisories/xnview-buffer-overflow-vulnerability"
},
{
"name": "1028817",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1028817"
},
{
"name": "27049",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/27049"
},
{
"name": "95580",
"refsource": "OSVDB",
"url": "http://osvdb.org/95580"
},
{
"name": "20130722 CORE-2013-0705 - XnView Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0153.html"
},
{
"name": "54174",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54174"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2577",
"datePublished": "2013-08-09T21:00:00",
"dateReserved": "2013-03-15T00:00:00",
"dateUpdated": "2024-08-06T15:44:32.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10739 (GCVE-0-2017-10739)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "Data Execution Prevention Violation starting at Unknown Symbol @ 0x000000000c1b541c called from xnview+0x00000000003826ec."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10739 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:10.777Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10739"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"Data Execution Prevention Violation starting at Unknown Symbol @ 0x000000000c1b541c called from xnview+0x00000000003826ec.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10739"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10739",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"Data Execution Prevention Violation starting at Unknown Symbol @ 0x000000000c1b541c called from xnview+0x00000000003826ec.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10739",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10739"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10739",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-07-01T00:00:00",
"dateUpdated": "2024-08-05T17:50:10.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0277 (GCVE-0-2012-0277)
Vulnerability from cvelistv5
Published
2012-07-17 21:00
Modified
2024-08-06 18:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in XnView before 1.99 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PCT image.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.exploit-db.com/exploits/19336 | exploit, x_refsource_EXPLOIT-DB | |
| http://newsgroup.xnview.com/viewtopic.php?f=35&t=25858 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/48666 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=50 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:23:29.314Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19336",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/19336"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=25858"
},
{
"name": "48666",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48666"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=50"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-06-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in XnView before 1.99 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PCT image."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-07-25T09:00:00",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "19336",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/19336"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=25858"
},
{
"name": "48666",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48666"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=50"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2012-0277",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in XnView before 1.99 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PCT image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19336",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/19336"
},
{
"name": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=25858",
"refsource": "CONFIRM",
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=25858"
},
{
"name": "48666",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48666"
},
{
"name": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=50",
"refsource": "MISC",
"url": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=50"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2012-0277",
"datePublished": "2012-07-17T21:00:00",
"dateReserved": "2011-12-30T00:00:00",
"dateUpdated": "2024-08-06T18:23:29.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15778 (GCVE-0-2017-15778)
Vulnerability from cvelistv5
Published
2017-10-22 17:00
Modified
2024-08-05 20:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a "Read Access Violation starting at CADImage+0x0000000000285de7."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15778 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:04:50.442Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15778"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a \"Read Access Violation starting at CADImage+0x0000000000285de7.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-22T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15778"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15778",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a \"Read Access Violation starting at CADImage+0x0000000000285de7.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15778",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15778"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15778",
"datePublished": "2017-10-22T17:00:00",
"dateReserved": "2017-10-21T00:00:00",
"dateUpdated": "2024-08-05T20:04:50.442Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10753 (GCVE-0-2017-10753)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpFindLoadedDllByMapping+0x0000000000000046."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10753 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:11.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10753"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpFindLoadedDllByMapping+0x0000000000000046.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10753"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10753",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpFindLoadedDllByMapping+0x0000000000000046.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10753",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10753"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10753",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-07-01T00:00:00",
"dateUpdated": "2024-08-05T17:50:11.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10741 (GCVE-0-2017-10741)
Vulnerability from cvelistv5
Published
2017-07-05 19:00
Modified
2024-08-05 17:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV starting at ntdll_77df0000!RtlpWaitOnCriticalSection+0x0000000000000121."
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10741 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:10.760Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10741"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"User Mode Write AV starting at ntdll_77df0000!RtlpWaitOnCriticalSection+0x0000000000000121.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10741"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10741",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"User Mode Write AV starting at ntdll_77df0000!RtlpWaitOnCriticalSection+0x0000000000000121.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10741",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10741"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10741",
"datePublished": "2017-07-05T19:00:00",
"dateReserved": "2017-07-01T00:00:00",
"dateUpdated": "2024-08-05T17:50:10.760Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to "Data from Faulting Address controls Code Flow starting at Xfpx+0x00000000000117ff."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9903 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9903 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to \"Data from Faulting Address controls Code Flow starting at Xfpx+0x00000000000117ff.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows en su versi\u00f3n 2.40 permite a atacantes remotos ejecutar c\u00f3digo mediante un archivo .fpx manipulado, relacionado a \"Data from Faulting Address controls Code Flow comenzado en Xfpx+0x00000000000117ff.\""
}
],
"id": "CVE-2017-9903",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:04.637",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9903"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9903"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to "Data from Faulting Address controls Code Flow starting at Xfpx!gffGetFormatInfo+0x000000000002e385."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9900 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9900 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to \"Data from Faulting Address controls Code Flow starting at Xfpx!gffGetFormatInfo+0x000000000002e385.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows en su versi\u00f3n 2.40 permite a atacantes remotos ejecutar c\u00f3digo mediante un archivo .fpx manipulado, relacionado a \"Data from Faulting Address controls Code Flow comenzado en Xfpx!gffGetFormatInfo+0x000000000002e385.\""
}
],
"id": "CVE-2017-9900",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:04.527",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9900"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9900"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-04 16:15
Modified
2024-11-21 04:24
Severity ?
Summary
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000327a07.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000327a07.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000327a07.md | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.48:*:*:*:*:*:*:*",
"matchCriteriaId": "570AC220-662F-4446-9611-4B13BC6FDBD3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000327a07."
},
{
"lang": "es",
"value": "XnView Classic 2.48 tiene un User Mode Write AV iniciando en xnview+0x0000000000327a07."
}
],
"id": "CVE-2019-13260",
"lastModified": "2024-11-21T04:24:34.053",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-04T16:15:12.040",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000327a07.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000327a07.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a "Read Access Violation on Control Flow starting at Xfpx!gffGetFormatInfo+0x0000000000013e8a."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9896 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9896 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a \"Read Access Violation on Control Flow starting at Xfpx!gffGetFormatInfo+0x0000000000013e8a.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows en su versi\u00f3n 2.40 permite a atacantes remotos ejecutar c\u00f3digo mediante un archivo .fpx manipulado, relacionado a \"Read Access Violation on Control Flow comenzado en Xfpx!gffGetFormatInfo+0x0000000000013e8a.\""
}
],
"id": "CVE-2017-9896",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:04.403",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9896"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9896"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-08-08 00:29
Modified
2024-11-21 03:50
Severity ?
Summary
XnView 2.45 allows remote attackers to cause a denial of service (Read Access Violation at the Instruction Pointer and application crash) or possibly have unspecified other impact via a crafted ICO file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://code610.blogspot.com/2018/08/updating-xnview.html | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://code610.blogspot.com/2018/08/updating-xnview.html | Exploit, Issue Tracking, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.45:*:*:*:*:*:*:*",
"matchCriteriaId": "99D313B0-7C40-4051-8C00-C626DF13E943",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView 2.45 allows remote attackers to cause a denial of service (Read Access Violation at the Instruction Pointer and application crash) or possibly have unspecified other impact via a crafted ICO file."
},
{
"lang": "es",
"value": "XnView 2.45 permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (violaci\u00f3n de acceso de lectura en puntero de instrucci\u00f3n y cierre inesperado de la aplicaci\u00f3n) o, posiblemente, otro impacto no especificado mediante un archivo ICO manipulado."
}
],
"id": "CVE-2018-15174",
"lastModified": "2024-11-21T03:50:27.533",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-08T00:29:01.863",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "http://code610.blogspot.com/2018/08/updating-xnview.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "http://code610.blogspot.com/2018/08/updating-xnview.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-07-17 21:55
Modified
2025-04-11 00:51
Severity ?
Summary
Heap-based buffer overflow in XnView before 1.99 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ImageLeftPosition value in an ImageDescriptor structure in a GIF image.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B5EA72D-BC3C-47E5-9EDF-A17310EB59FC",
"versionEndIncluding": "1.98.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in XnView before 1.99 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ImageLeftPosition value in an ImageDescriptor structure in a GIF image."
},
{
"lang": "es",
"value": "Una vulnerabilidad de desbordamiento de pila basado en b\u00fafer en XnView anterior a v1.99 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de un valor ImageLeftPosition dise\u00f1ado en una estructura ImageDescriptor en una imagen GIF."
}
],
"id": "CVE-2012-0282",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-07-17T21:55:01.287",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=25858"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/48666"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/19335"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.osvdb.org/83086"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=51"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=25858"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/48666"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/19335"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/83086"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=51"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at COMCTL32!SetStatusText+0x0000000000000029."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10760 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10760 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at COMCTL32!SetStatusText+0x0000000000000029.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows versi\u00f3n 2.40, podr\u00eda permitir a los atacantes causar una denegaci\u00f3n de servicio o posiblemente no especificado otro impacto por medio de un archivo .rle creado, relacionado a \"Data from Faulting Address controls Branch Selection starting at COMCTL32!SetStatusText+0x0000000000000029\"."
}
],
"id": "CVE-2017-10760",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:01.717",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10760"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10760"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "Stack Buffer Overrun (/GS Exception) starting at ntdll_77df0000!LdrpInitializeNode+0x000000000000015b."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10743 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10743 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"Stack Buffer Overrun (/GS Exception) starting at ntdll_77df0000!LdrpInitializeNode+0x000000000000015b.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows versi\u00f3n 2.40, permite a los atacantes ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio por medio de un archivo .rle creado, relacionado a \"Stack Buffer Overrun (/GS Exception) starting at ntdll_77df0000!LdrpInitializeNode+0x000000000000015b.\""
}
],
"id": "CVE-2017-10743",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:01.123",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10743"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10743"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-04 16:15
Modified
2024-11-21 04:24
Severity ?
Summary
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000032e808.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x000000000032e808.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x000000000032e808.md | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.48:*:*:*:*:*:*:*",
"matchCriteriaId": "570AC220-662F-4446-9611-4B13BC6FDBD3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000032e808."
},
{
"lang": "es",
"value": "XnView Classic 2.48 tiene un User Mode Write AV iniciando en xnview+0x000000000032e808."
}
],
"id": "CVE-2019-13254",
"lastModified": "2024-11-21T04:24:33.197",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-04T16:15:11.650",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x000000000032e808.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x000000000032e808.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpCoalesceFreeBlocks+0x00000000000001b6."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10757 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10757 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpCoalesceFreeBlocks+0x00000000000001b6.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows versi\u00f3n 2.40, podr\u00eda permitir a los atacantes causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto no especificado por medio de un archivo .rle creado, relacionado a \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpCoalesceFreeBlocks+0x00000000000001b6\"."
}
],
"id": "CVE-2017-10757",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:01.607",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10757"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10757"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV near NULL starting at ntdll_77df0000!RtlEnterCriticalSection+0x0000000000000012."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10750 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10750 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"User Mode Write AV near NULL starting at ntdll_77df0000!RtlEnterCriticalSection+0x0000000000000012.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows versi\u00f3n 2.40, permite a los atacantes ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio por medio de un archivo .rle creado, relacionado a un \"User Mode Write AV near NULL starting at ntdll_77df0000!RtlEnterCriticalSection+0x0000000000000012.\""
}
],
"id": "CVE-2017-10750",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:01.373",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10750"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10750"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a "Read Access Violation on Control Flow starting at Xfpx!gffGetFormatInfo+0x0000000000020e95."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9895 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9895 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a \"Read Access Violation on Control Flow starting at Xfpx!gffGetFormatInfo+0x0000000000020e95.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows en su versi\u00f3n 2.40 permite a atacantes remotos ejecutar c\u00f3digo mediante un archivo .fpx manipulado, relacionado a \"Read Access Violation on Control Flow comenzado en Xfpx!gffGetFormatInfo+0x0000000000020e95.\""
}
],
"id": "CVE-2017-9895",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:04.373",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9895"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9895"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a "User Mode Write AV starting at Xfpx!gffGetFormatInfo+0x0000000000029272."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9894 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9894 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a \"User Mode Write AV starting at Xfpx!gffGetFormatInfo+0x0000000000029272.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows en su versi\u00f3n 2.40 permite a atacantes remotos ejecutar c\u00f3digo mediante un archivo .fpx manipulado, relacionado a \"User Mode Write AV comenzado en Xfpx!gffGetFormatInfo+0x0000000000029272.\""
}
],
"id": "CVE-2017-9894",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:04.327",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9894"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9894"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-22 19:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77310000!LdrpResSearchResourceInsideDirectory+0x000000000000029e."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15801 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15801 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.43:*:*:*:*:*:*:*",
"matchCriteriaId": "D51F98D4-FEA4-4587-96A2-EFF5A8412D06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77310000!LdrpResSearchResourceInsideDirectory+0x000000000000029e.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows en su versi\u00f3n 2.43 permite que los atacantes provoquen una denegaci\u00f3n de servicio o, posiblemente, otro impacto sin especificar mediante un archivo .dll manipulado que se gestiona de manera incorrecta durante un intento de representar el icono DLL. Esta vulnerabilidad est\u00e1 relacionada con \"Data from Faulting Address controls Branch Selection starting at ntdll_77310000!LdrpResSearchResourceInsideDirectory+0x000000000000029e\"."
}
],
"id": "CVE-2017-15801",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-22T19:29:00.657",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15801"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15801"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-08-09 21:55
Modified
2025-04-11 00:51
Severity ?
Summary
Buffer overflow in XnView before 2.04 allows remote attackers to execute arbitrary code via a crafted PCT file.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8AC9F56-D9AA-4D92-AE41-285865E09683",
"versionEndIncluding": "2.03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.0:a:*:*:*:*:*:*",
"matchCriteriaId": "D1160EF2-C078-4C0A-999B-05B6D42FC65F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "26750A49-32A9-41C4-B4FC-4C53650D5B5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.02:*:*:*:*:*:*:*",
"matchCriteriaId": "E93C259A-6715-468F-A1E1-CF954761EE84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.03:*:*:*:*:*:*:*",
"matchCriteriaId": "70F7DBD6-D249-4D64-B2FB-D486785F26E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.04:*:*:*:*:*:*:*",
"matchCriteriaId": "662F38C4-C400-435E-BCD4-0021AB6FA4FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.05:*:*:*:*:*:*:*",
"matchCriteriaId": "E2B4B6DE-A8D1-4B76-9873-F3FF386B6647",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.05:b:*:*:*:*:*:*",
"matchCriteriaId": "2F17BB19-F2EC-49EA-95FE-55126352D8CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.05:c:*:*:*:*:*:*",
"matchCriteriaId": "BE7CE2C1-5D75-4760-891D-E53409F08A94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.06:*:*:*:*:*:*:*",
"matchCriteriaId": "773D4D55-D241-41DD-A802-90F6B8037544",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.07:*:*:*:*:*:*:*",
"matchCriteriaId": "F39E52FA-38AA-44CD-A027-9189BCD27E78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.08:*:*:*:*:*:*:*",
"matchCriteriaId": "9F5AD70E-6E6A-4D26-BF7B-FDBC169AE62A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.09:*:*:*:*:*:*:*",
"matchCriteriaId": "874FB295-26DC-4BD4-84A7-D396D4B9F8BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "34CE10DC-AC95-4A92-BF18-DE839FEB3EFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7D5D72A3-82A9-44FF-AF40-AE4534DF13D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "EE4D2D41-0934-4F2E-9033-7866342A6148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "0DCC4DC4-FBB3-4B85-B7A1-0FDEE513DA01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "3CA5158C-0F58-4C3D-8E36-61231E1D1F6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "37B04085-8D2F-4DFD-B577-AFDCAA366335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "AD62B251-470E-4D4F-93D2-E87453037CBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "ACB7E1A0-63FD-4608-A070-D4D867671055",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.17:a:*:*:*:*:*:*",
"matchCriteriaId": "28452A67-510F-4D6A-A96D-E51C0DD8B6E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "9B481D02-6F2F-4230-94BB-3EC257993D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4AB44AE2-8FCA-406B-AEE0-E724518CE74E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "41353F26-E155-41D5-9412-4E3FC28F1701",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "55F1494F-8A2C-4362-832B-3B3887794F7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "29E0879C-7580-49ED-93A5-7E072B3B6D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "7ABD9EED-E230-455E-9052-23C08EE392D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.23:*:*:*:*:*:*:*",
"matchCriteriaId": "4D0FA50E-9965-4FA3-BB85-E63CD0824914",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.24:*:*:*:*:*:*:*",
"matchCriteriaId": "02C9ACEF-6B7C-42D5-8D68-04C7915B9039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.25:*:*:*:*:*:*:*",
"matchCriteriaId": "29EF6CFD-A098-41D6-9E8F-9842A9C16048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.25:a:*:*:*:*:*:*",
"matchCriteriaId": "102E7705-5533-4214-ACEE-B7C02CB454E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.30:*:*:*:*:*:*:*",
"matchCriteriaId": "EFB38B70-E59C-42CE-877C-D3322157E483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.31:*:*:*:*:*:*:*",
"matchCriteriaId": "9A159A1F-85FB-4C5C-8D8E-399F30CDA115",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.32:*:*:*:*:*:*:*",
"matchCriteriaId": "67738CAF-186D-4831-AE04-E9E509BBC7EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.33:*:*:*:*:*:*:*",
"matchCriteriaId": "52D407A4-8499-4DA2-99D7-0DE4C5F7F2BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.34:*:*:*:*:*:*:*",
"matchCriteriaId": "F6FECC88-9938-4AD0-889F-559C8F99B5BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.35:*:*:*:*:*:*:*",
"matchCriteriaId": "E4B324FA-DC14-44F8-8B63-0A2C71455726",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.36:*:*:*:*:*:*:*",
"matchCriteriaId": "8B1C31A9-1239-4B22-AAA9-8294714EF677",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.37:*:*:*:*:*:*:*",
"matchCriteriaId": "98E67FA4-9AB4-4A2D-8B61-A90A09FA1484",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.40:*:*:*:*:*:*:*",
"matchCriteriaId": "F988A618-07A7-438C-9FE2-EE2D1C9A1874",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.41:*:*:*:*:*:*:*",
"matchCriteriaId": "24A5B8B1-64FB-4B4D-825C-9F5049F61484",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.45:*:*:*:*:*:*:*",
"matchCriteriaId": "06D2393E-715C-4B26-8868-AB0A71F22CA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.46:*:*:*:*:*:*:*",
"matchCriteriaId": "679BF820-BF6B-4004-9F4D-7CE883456C62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.50:*:*:*:*:*:*:*",
"matchCriteriaId": "C0897791-B53F-4724-80F5-099DA55E2F7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.50.1:*:*:*:*:*:*:*",
"matchCriteriaId": "348D00F9-5BF2-4B16-9DC7-5165E92C8610",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.55:*:*:*:*:*:*:*",
"matchCriteriaId": "6911582E-232F-44D8-82E6-104BD10F93E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.60:*:*:*:*:*:*:*",
"matchCriteriaId": "1CA514C3-D3BA-449E-A3E3-46917666F425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.61:*:*:*:*:*:*:*",
"matchCriteriaId": "6B4D2CAD-8714-4CE4-969B-C157F33C5AA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.65:*:*:*:*:*:*:*",
"matchCriteriaId": "724E0679-4A89-4F7A-AF41-EA9C3A5C7C0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.66:*:*:*:*:*:*:*",
"matchCriteriaId": "4EBA50FC-6C50-42C5-8361-0165C7BE844B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.67:*:*:*:*:*:*:*",
"matchCriteriaId": "38F201D3-52E9-4D1E-9CDF-7224DA766BA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.68:*:*:*:*:*:*:*",
"matchCriteriaId": "66EB8513-6378-49E6-B7F7-52C5FEA40452",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.68.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FF190D40-A8FA-43BA-AE0E-4ED50ED2B14E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.70:*:*:*:*:*:*:*",
"matchCriteriaId": "0E27EB1D-5AE3-4002-829B-6AA0AE8D60F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.70.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB57494-C072-4C99-A0D2-207E2DEA76C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.70.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3A5798EA-8ADC-4632-BBD4-811207EAFCA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.70.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DE2BA7BA-EACB-41C5-9C0C-376678990766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.74:*:*:*:*:*:*:*",
"matchCriteriaId": "A195F27B-4B38-4882-B34C-D729CC8ACB99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.80:*:*:*:*:*:*:*",
"matchCriteriaId": "FC73F60A-D89E-46FE-BA89-EAFE509489D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.80.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5CA0EDE4-DF5A-4152-B113-75E93910F556",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.80.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2427F9F0-76C3-4C53-A794-6C0E839A1BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.80.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D4400B8A-5D9B-4E68-830D-28D70969DDA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.82:*:*:*:*:*:*:*",
"matchCriteriaId": "0E21984E-6830-44B9-BFCD-5EFC9886272E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.82.2:*:*:*:*:*:*:*",
"matchCriteriaId": "16CBF0CE-9CBC-4C12-8061-B186543ABF0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.82.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5B628ABE-2FB9-477E-859A-51AD323BF64D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.82.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7A66BCB0-D555-4627-BADA-806DA84E3167",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.90:*:*:*:*:*:*:*",
"matchCriteriaId": "A2346275-34F4-456E-8A9D-BB5DB24487D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.90.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ACA55EEC-4213-42B6-9C1A-FE9CB076DEBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.90.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D0F3174A-3C30-4FBC-8478-21DA00661F4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.91:*:*:*:*:*:*:*",
"matchCriteriaId": "779BD454-9656-4B71-899E-FE0CC2413435",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.91.1:*:*:*:*:*:*:*",
"matchCriteriaId": "37E3E487-26EC-4843-A80A-B02D6180FCB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.91.2:*:*:*:*:*:*:*",
"matchCriteriaId": "323F2315-A433-4278-B4B1-F089A2F3E31A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.91.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1C8E049E-4353-41A1-AB90-107D4CDB291A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.91.4:*:*:*:*:*:*:*",
"matchCriteriaId": "52354ABE-D603-4D6D-99AA-3EB3CA33DF96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.91.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0E2E41CB-D8AC-4D33-A81D-A66C3CFBE644",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.91.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7B014AC9-6A9B-49AE-806F-DF3683169DA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.92:*:*:*:*:*:*:*",
"matchCriteriaId": "26269B37-EE6D-4829-8100-656AFC6D706D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.92.1:*:*:*:*:*:*:*",
"matchCriteriaId": "01370703-08C0-49C3-A7F6-5C223FB146C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.93:*:*:*:*:*:*:*",
"matchCriteriaId": "222D7302-E49E-4BD8-9E4D-872AA3103A69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.93.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F10DEFA8-377A-434D-A353-4C428A9A13F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.93.2:*:*:*:*:*:*:*",
"matchCriteriaId": "481D1D7F-5A8A-4A5D-A499-A733ACA00CD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.93.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D686020-C181-4F84-8418-C90ABE387D7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.93.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6A9BF2F4-8821-48E8-8421-AF0AA761EF55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.93.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1FB56C26-5E49-47BB-89DE-C501400329FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.94:*:*:*:*:*:*:*",
"matchCriteriaId": "6AE38635-D538-4D61-83D9-61D7D3A89C27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.94.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FC83C981-C43B-4B8E-A912-2F4729F77B97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.94.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7DD418E1-79FA-4942-AB0D-9B45C1368890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.95:*:*:*:*:*:*:*",
"matchCriteriaId": "C0AE1B44-0384-4043-9892-FE57E530BE08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.95.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6BD61FD5-A98B-4793-B7B6-D25307B89F5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.95.2:*:*:*:*:*:*:*",
"matchCriteriaId": "48950A60-115D-4685-B3D2-6AE54AE2737E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.95.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C64D9A65-BE9C-4295-9DAD-B3DB9E915E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.95.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D4996E2-0085-44FE-8C29-A4734A1D61FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.96:*:*:*:*:*:*:*",
"matchCriteriaId": "3C9B7628-C72F-44BD-92BB-2E85DEAA003E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.96.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E05C35C3-3BBA-43FD-AE8D-C132AB6330F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.96.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FB5B1D98-83E7-41C3-84E2-D0552B37644F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.96.5:*:*:*:*:*:*:*",
"matchCriteriaId": "19D77398-388F-420C-94D1-C1EAC1635C02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.97:*:*:*:*:*:*:*",
"matchCriteriaId": "5ACCCCC3-0331-4ABA-9ED8-9C1E1381FE1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.97.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2D55F2D9-720C-4FC5-AC12-DB26A3F90F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.97.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D80CC7A1-8F73-4941-933D-F7CBA286E0CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.97.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BAEF6394-EFE4-42A0-AE1B-AB85609E82C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.97.4:*:*:*:*:*:*:*",
"matchCriteriaId": "ABB36873-6A5F-4E2D-A5D4-053B45C38987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.97.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F80F5EE4-1637-4D16-9F96-B9328193DBAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.97.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0B517F8D-A7D3-410D-B871-3C7900201B2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.97.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C14A72C9-7DDE-469F-9051-A0EA791F0731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.97.8:*:*:*:*:*:*:*",
"matchCriteriaId": "8A818955-59E8-48FA-A061-A7FE40EDB030",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.98:*:*:*:*:*:*:*",
"matchCriteriaId": "CF7BD3AC-8DA8-474B-BB71-97E73FDAD79E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.98.1:*:*:*:*:*:*:*",
"matchCriteriaId": "39DE535E-6D68-4EAA-A0B3-821912868988",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.98.2:*:*:*:*:*:*:*",
"matchCriteriaId": "62A277C6-08F3-422B-8033-BD9DD908983E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.98.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6B8D46F6-941C-4339-B4A1-2951A458F50E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.98.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A33C9BCE-1324-470E-8831-A5F019D98A66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.98.5:*:*:*:*:*:*:*",
"matchCriteriaId": "824BE980-8766-4322-93CD-1AE271DE7F30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.98.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FCD878A8-F271-4E89-870E-BCFEF76B62F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.98.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8723144F-E8D8-4A26-875B-C1A501235DE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.98.8:*:*:*:*:*:*:*",
"matchCriteriaId": "36C2D0B1-3F6B-43E6-9D10-F7AD66B9525F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.99:*:*:*:*:*:*:*",
"matchCriteriaId": "631010D0-E262-404A-A95E-1B1EADB9947D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.99.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D4738D2D-C1A0-45FB-B3CC-E0164C562F04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in XnView before 2.04 allows remote attackers to execute arbitrary code via a crafted PCT file."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en XnView anterior a v2.04 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo PCT manipulado."
}
],
"id": "CVE-2013-2577",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-08-09T21:55:06.917",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0153.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=28400"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/95580"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54174"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.coresecurity.com/advisories/xnview-buffer-overflow-vulnerability"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/27049"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1028817"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85919"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0153.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=28400"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/95580"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54174"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.coresecurity.com/advisories/xnview-buffer-overflow-vulnerability"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/27049"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1028817"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85919"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at xnview+0x0000000000372b4a."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10780 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10780 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at xnview+0x0000000000372b4a.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows versi\u00f3n 2.40, podr\u00eda permitir a los atacantes causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto no especificado por medio de un archivo .rle creado, relacionado a \"Data from Faulting Address controls Branch Selection starting at xnview+0x0000000000372b4a\"."
}
],
"id": "CVE-2017-10780",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:02.483",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10780"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10780"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-22 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a "Read Access Violation starting at CADImage+0x0000000000285dad."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15780 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15780 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.43:*:*:*:*:*:*:*",
"matchCriteriaId": "D51F98D4-FEA4-4587-96A2-EFF5A8412D06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a \"Read Access Violation starting at CADImage+0x0000000000285dad.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows en su versi\u00f3n 2.43 permite que los atacantes provoquen una denegaci\u00f3n de servicio o, posiblemente, otro impacto sin especificar mediante un archivo .dwg manipulado, relacionado con \"Read Access Violation starting at CADImage+0x0000000000285dad\"."
}
],
"id": "CVE-2017-15780",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-22T20:29:01.930",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15780"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15780"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV starting at xnview+0x000000000037a8aa."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10747 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10747 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"User Mode Write AV starting at xnview+0x000000000037a8aa.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows versi\u00f3n 2.40, permite a los atacantes ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio por medio de un archivo .rle creado, relacionado a un \"User Mode Write AV starting at xnview+0x000000000037a8aa.\""
}
],
"id": "CVE-2017-10747",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:01.263",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10747"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10747"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at KERNELBASE!FindSortHashNode+0x0000000000000040."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10774 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10774 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at KERNELBASE!FindSortHashNode+0x0000000000000040.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows versi\u00f3n 2.40, podr\u00eda permitir a los atacantes causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto no especificado por medio de un archivo .rle creado, relacionado a \"Data from Faulting Address controls Branch Selection starting at KERNELBASE!FindSortHashNode+0x0000000000000040\"."
}
],
"id": "CVE-2017-10774",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:02.247",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10774"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10774"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-06-30 16:15
Modified
2024-11-21 04:24
Severity ?
Summary
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000030ecfa.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x30ecfa.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x30ecfa.md | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.48:*:*:*:*:*:*:*",
"matchCriteriaId": "570AC220-662F-4446-9611-4B13BC6FDBD3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000030ecfa."
},
{
"lang": "es",
"value": "XnView Classic versi\u00f3n 2.48, tiene un User Mode Write AV iniciando en xnview+0x00000000030ecfa."
}
],
"id": "CVE-2019-13085",
"lastModified": "2024-11-21T04:24:10.373",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-30T16:15:09.887",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x30ecfa.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x30ecfa.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-22 19:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at ntdll_77310000!LdrpResCompareResourceNames+0x0000000000000150."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15803 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15803 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.43:*:*:*:*:*:*:*",
"matchCriteriaId": "D51F98D4-FEA4-4587-96A2-EFF5A8412D06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to \"Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at ntdll_77310000!LdrpResCompareResourceNames+0x0000000000000150.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows en su versi\u00f3n 2.43 permite que los atacantes provoquen una denegaci\u00f3n de servicio o, posiblemente, otro impacto sin especificar mediante un archivo .dll manipulado que se gestiona de manera incorrecta durante un intento de representar el icono DLL. Esta vulnerabilidad est\u00e1 relacionada con \"Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at ntdll_77310000!LdrpResCompareResourceNames+0x0000000000000150\"."
}
],
"id": "CVE-2017-15803",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-22T19:29:00.720",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15803"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15803"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-18 17:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.41 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at jbig2dec+0x000000000000870f."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14580 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14580 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.41:*:*:*:*:*:*:*",
"matchCriteriaId": "7E016033-D6D3-4D2B-892C-0A7307FB0C86",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.41 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a \"User Mode Write AV starting at jbig2dec+0x000000000000870f.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows en su versi\u00f3n 2.41 permite que los atacantes ejecuten c\u00f3digo arbitrario o provoquen una denegaci\u00f3n de servicio mediante un archivo .jb2 manipulado. Esta vulnerabilidad est\u00e1 relacionada con \"User Mode Write AV starting at jbig2dec+0x000000000000870f\"."
}
],
"id": "CVE-2017-14580",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-18T17:29:01.873",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14580"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14580"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-22 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "User Mode Write AV starting at CADImage+0x00000000000032eb."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15782 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15782 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.43:*:*:*:*:*:*:*",
"matchCriteriaId": "D51F98D4-FEA4-4587-96A2-EFF5A8412D06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a \"User Mode Write AV starting at CADImage+0x00000000000032eb.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows en su versi\u00f3n 2.43 permite que los atacantes ejecuten c\u00f3digo arbitrario o que provoquen una denegaci\u00f3n de servicio mediante un archivo .dwg manipulado, relacionado con \"User Mode Write AV starting at CADImage+0x00000000000032eb\"."
}
],
"id": "CVE-2017-15782",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-22T20:29:02.023",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15782"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15782"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-08-08 00:29
Modified
2024-11-21 03:50
Severity ?
Summary
XnView 2.45 allows remote attackers to cause a denial of service (User Mode Write AV starting at Qt5Core!QVariant::~QVariant+0x0000000000000014 and application crash) or possibly have unspecified other impact via a crafted RLE file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://code610.blogspot.com/2018/08/updating-xnview.html | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://code610.blogspot.com/2018/08/updating-xnview.html | Exploit, Issue Tracking, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.45:*:*:*:*:*:*:*",
"matchCriteriaId": "99D313B0-7C40-4051-8C00-C626DF13E943",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView 2.45 allows remote attackers to cause a denial of service (User Mode Write AV starting at Qt5Core!QVariant::~QVariant+0x0000000000000014 and application crash) or possibly have unspecified other impact via a crafted RLE file."
},
{
"lang": "es",
"value": "XnView 2.45 permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (AV de escritura del modo de usuario que comienza en Qt5Core!QVariant::~QVariant+0x0000000000000014 y cierre inesperado de la aplicaci\u00f3n) o, posiblemente, otro impacto no especificado mediante un archivo RLE manipulado."
}
],
"id": "CVE-2018-15175",
"lastModified": "2024-11-21T03:50:27.687",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-08T00:29:02.037",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "http://code610.blogspot.com/2018/08/updating-xnview.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "http://code610.blogspot.com/2018/08/updating-xnview.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-06-30 16:15
Modified
2024-11-21 04:24
Severity ?
Summary
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000384e2a.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x384e2a.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x384e2a.md | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.48:*:*:*:*:*:*:*",
"matchCriteriaId": "570AC220-662F-4446-9611-4B13BC6FDBD3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000384e2a."
},
{
"lang": "es",
"value": "XnView Classic versi\u00f3n 2.48, tiene un User Mode Write AV iniciando en de xnview+0x000000000384e2a."
}
],
"id": "CVE-2019-13083",
"lastModified": "2024-11-21T04:24:10.097",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-30T16:15:09.793",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x384e2a.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x384e2a.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-22 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to "Data from Faulting Address controls Branch Selection starting at CADImage+0x0000000000259aa4."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15775 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15775 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.43:*:*:*:*:*:*:*",
"matchCriteriaId": "D51F98D4-FEA4-4587-96A2-EFF5A8412D06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to \"Data from Faulting Address controls Branch Selection starting at CADImage+0x0000000000259aa4.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows en su versi\u00f3n 2.43 permite que los atacantes provoquen una denegaci\u00f3n de servicio o, posiblemente, otro impacto sin especificar mediante un archivo .dwg manipulado. Esta vulnerabilidad est\u00e1 relacionada con \"Data from Faulting Address controls Branch Selection comenzando en CADImage+0x0000000000259aa4\"."
}
],
"id": "CVE-2017-15775",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-22T20:29:01.757",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15775"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15775"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-04 16:15
Modified
2024-11-21 04:24
Severity ?
Summary
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000032e849.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x000000000032e849.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x000000000032e849.md | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.48:*:*:*:*:*:*:*",
"matchCriteriaId": "570AC220-662F-4446-9611-4B13BC6FDBD3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000032e849."
},
{
"lang": "es",
"value": "XnView Classic 2.48 tiene un User Mode Write AV iniciando en xnview+0x000000000032e849."
}
],
"id": "CVE-2019-13256",
"lastModified": "2024-11-21T04:24:33.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-04T16:15:11.777",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x000000000032e849.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x000000000032e849.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpFindLoadedDllByName+0x00000000000000a5."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10781 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10781 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpFindLoadedDllByName+0x00000000000000a5.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows versi\u00f3n 2.40, podr\u00eda permitir a los atacantes causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto no especificado por medio de un archivo .rle creado, relacionado a \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpFindLoadedDllByName+0x00000000000000a5\"."
}
],
"id": "CVE-2017-10781",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:02.513",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10781"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10781"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a "User Mode Write AV starting at Xfpx+0x000000000000dcab."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9897 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9897 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a \"User Mode Write AV starting at Xfpx+0x000000000000dcab.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows en su versi\u00f3n 2.40 permite a atacantes remotos ejecutar c\u00f3digo mediante un archivo .fpx manipulado, relacionado a \"User Mode Write AV comenzado en Xfpx+0x000000000000dcab.\""
}
],
"id": "CVE-2017-9897",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:04.437",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9897"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9897"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV starting at ntdll_77df0000!RtlEnterCriticalSection+0x0000000000000012."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10746 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10746 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"User Mode Write AV starting at ntdll_77df0000!RtlEnterCriticalSection+0x0000000000000012.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows versi\u00f3n 2.40, permite a los atacantes ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio por medio de un archivo .rle creado, relacionado a un \"User Mode Write AV starting at ntdll_77df0000!RtlEnterCriticalSection+0x0000000000000012.\""
}
],
"id": "CVE-2017-10746",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:01.230",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10746"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10746"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-11 18:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14275 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14275 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a \"User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d.\""
},
{
"lang": "es",
"value": "XnView Classic 2.40 para Windows permite que los atacantes ejecuten c\u00f3digo arbitrario o provoquen una denegaci\u00f3n de servicio mediante un archivo .jb2 manipulado, relacionado con \"User Mode Write AV near NULL comenzando en wow64!RtlInterlockedPopEntrySList+0x000000000000001d\"."
}
],
"id": "CVE-2017-14275",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-11T18:29:00.397",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14275"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14275"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-22 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to an "Illegal Instruction Violation starting at xnview+0x0000000000370074."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15784 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15784 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.43:*:*:*:*:*:*:*",
"matchCriteriaId": "D51F98D4-FEA4-4587-96A2-EFF5A8412D06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to an \"Illegal Instruction Violation starting at xnview+0x0000000000370074.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows en su versi\u00f3n 2.43 permite que los atacantes ejecuten c\u00f3digo arbitrario o que provoquen una denegaci\u00f3n de servicio mediante un archivo .dwg manipulado, relacionado con \"Illegal Instruction Violation starting at xnview+0x0000000000370074\"."
}
],
"id": "CVE-2017-15784",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-22T20:29:02.087",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15784"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15784"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10749 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10749 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows versi\u00f3n 2.40, permite a los atacantes ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio por medio de un archivo .rle creado, relacionado a un \"User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d.\""
}
],
"id": "CVE-2017-10749",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:01.327",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10749"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10749"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at Xfpx+0x0000000000010e81."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9911 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9911 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to \"Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at Xfpx+0x0000000000010e81.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows en su versi\u00f3n 2.40 permite a un atacante remoto causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto no especificado mediante un archivo .fpx manipulado, relacionado a \"Data from Faulting Address es usado como un o mas argumentos en una subsecuencia Function Call comenzando en Xfpx+0x0000000000010e81.\""
}
],
"id": "CVE-2017-9911",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:04.937",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9911"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9911"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-04 16:15
Modified
2024-11-21 04:24
Severity ?
Summary
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x00000000003283eb.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x00000000003283eb.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x00000000003283eb.md | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.48:*:*:*:*:*:*:*",
"matchCriteriaId": "570AC220-662F-4446-9611-4B13BC6FDBD3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x00000000003283eb."
},
{
"lang": "es",
"value": "XnView Classic versi\u00f3n 2.48, tiene un User Mode Write AV iniciando en xnview+0x00000000003283eb."
}
],
"id": "CVE-2019-13262",
"lastModified": "2024-11-21T04:24:34.340",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-04T16:15:12.167",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x00000000003283eb.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x00000000003283eb.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-11 18:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at jbig2dec+0x0000000000008706."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14274 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14274 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to \"Data from Faulting Address controls subsequent Write Address starting at jbig2dec+0x0000000000008706.\""
},
{
"lang": "es",
"value": "XnView Classic 2.40 para Windows permite que los atacantes ejecuten c\u00f3digo arbitrario o provoquen una denegaci\u00f3n de servicio mediante un archivo .jb2 manipulado, relacionado con \"Data from Faulting Address controls subsequent Write Address comenzando en jbig2dec+0x0000000000008706\"."
}
],
"id": "CVE-2017-14274",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-11T18:29:00.350",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14274"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14274"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-03-18 17:02
Modified
2025-04-12 10:46
Severity ?
Summary
Integer overflow in xnview.exe in XnView 2.13 allows remote attackers to execute arbitrary code via a large NUM_ELEMENTS field in an IFD_ENTRY structure in a JXR file, which triggers a heap-based buffer overflow.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "C8CC68F2-6C63-4ACF-905E-25CA26FA2D2B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in xnview.exe in XnView 2.13 allows remote attackers to execute arbitrary code via a large NUM_ELEMENTS field in an IFD_ENTRY structure in a JXR file, which triggers a heap-based buffer overflow."
},
{
"lang": "es",
"value": "Desbordamiento de enteros en xnview.exe en XnView 2.13 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un campo NUM_ELEMENTS grande en una estructura IFD_ENTRY en un archivo JXR, lo que provoca un desbordamiento de buffer basado en memoria din\u00e1mica."
}
],
"id": "CVE-2013-3938",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-03-18T17:02:52.233",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/56172"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securityfocus.com/bid/66187"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/56172"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/66187"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-11 18:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at jbig2dec+0x0000000000008fe4."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14283 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14283 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a \"Read Access Violation starting at jbig2dec+0x0000000000008fe4.\""
},
{
"lang": "es",
"value": "XnView Classic 2.40 para Windows permite que los atacantes provoquen una denegaci\u00f3n de servicio o, posiblemente, otro impacto sin especificar mediante un archivo .jb2 manipulado, relacionado con \"Read Access Violation comenzando en jbig2dec+0x0000000000008fe4\"."
}
],
"id": "CVE-2017-14283",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-11T18:29:00.697",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14283"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14283"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-22 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to "Data from Faulting Address may be used as a return value starting at CADImage+0x0000000000285e9d."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15772 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15772 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.43:*:*:*:*:*:*:*",
"matchCriteriaId": "D51F98D4-FEA4-4587-96A2-EFF5A8412D06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to \"Data from Faulting Address may be used as a return value starting at CADImage+0x0000000000285e9d.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows en su versi\u00f3n 2.43 permite que los atacantes provoquen una denegaci\u00f3n de servicio o, posiblemente, otro impacto sin especificar mediante un archivo .dwg manipulado. Esta vulnerabilidad est\u00e1 relacionada con \"Data from Faulting Address may be used as a return value starting at CADImage+0x0000000000285e9d\"."
}
],
"id": "CVE-2017-15772",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-22T20:29:01.650",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15772"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15772"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "Data Execution Prevention Violation starting at Unknown Symbol @ 0x000000000c1b541c called from xnview+0x00000000003826ec."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10739 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10739 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"Data Execution Prevention Violation starting at Unknown Symbol @ 0x000000000c1b541c called from xnview+0x00000000003826ec.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows versi\u00f3n 2.40, permite a los atacantes ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio por medio de un archivo .rle creado, relacionado a una \"Data Execution Prevention Violation starting at Unknown Symbol @ 0x000000000c1b541c called from xnview+0x00000000003826ec.\""
}
],
"id": "CVE-2017-10739",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:00.980",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10739"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10739"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpFreeHeap+0x00000000000003ca."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10782 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10782 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpFreeHeap+0x00000000000003ca.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows versi\u00f3n 2.40, podr\u00eda permitir a los atacantes causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto no especificado por medio de un archivo .rle creado, relacionado a \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpFreeHeap+0x00000000000003ca\"."
}
],
"id": "CVE-2017-10782",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:02.543",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10782"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10782"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-11 18:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at jbig2dec+0x0000000000005643."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14279 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14279 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a \"Read Access Violation starting at jbig2dec+0x0000000000005643.\""
},
{
"lang": "es",
"value": "XnView Classic 2.40 para Windows permite que los atacantes provoquen una denegaci\u00f3n de servicio o, posiblemente, otro impacto sin especificar mediante un archivo .jb2 manipulado, relacionado con \"Read Access Violation comenzando en jbig2dec+0x0000000000005643\"."
}
],
"id": "CVE-2017-14279",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-11T18:29:00.553",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14279"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14279"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-22 19:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77310000!LdrpResCompareResourceNames+0x0000000000000087."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15802 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15802 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.43:*:*:*:*:*:*:*",
"matchCriteriaId": "D51F98D4-FEA4-4587-96A2-EFF5A8412D06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77310000!LdrpResCompareResourceNames+0x0000000000000087.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows en su versi\u00f3n 2.43 permite que los atacantes provoquen una denegaci\u00f3n de servicio o, posiblemente, otro impacto sin especificar mediante un archivo .dll manipulado que se gestiona de manera incorrecta durante un intento de representar el icono DLL. Esta vulnerabilidad est\u00e1 relacionada con \"Data from Faulting Address controls Branch Selection starting at ntdll_77310000!LdrpResCompareResourceNames+0x0000000000000087\"."
}
],
"id": "CVE-2017-15802",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-22T19:29:00.690",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15802"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15802"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpInitializeThread+0x000000000000010b."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10755 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10755 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpInitializeThread+0x000000000000010b.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows versi\u00f3n 2.40, podr\u00eda permitir a los atacantes causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto no especificado por medio de un archivo .rle creado, relacionado a \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpInitializeThread+0x000000000000010b.\""
}
],
"id": "CVE-2017-10755",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:01.527",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10755"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10755"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpLowFragHeapFree+0x000000000000001f."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10752 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10752 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpLowFragHeapFree+0x000000000000001f.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows versi\u00f3n 2.40, podr\u00eda permitir a los atacantes causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto no especificado por medio de un archivo .rle creado, relacionado a \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpLowFragHeapFree+0x000000000000001f.\""
}
],
"id": "CVE-2017-10752",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:01.437",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10752"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10752"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "Read Access Violation on Control Flow starting at COMCTL32!CToolTipsMgr::s_ToolTipsWndProc+0x0000000000000032."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10744 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10744 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"Read Access Violation on Control Flow starting at COMCTL32!CToolTipsMgr::s_ToolTipsWndProc+0x0000000000000032.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows versi\u00f3n 2.40, permite a los atacantes ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio por medio de un archivo .rle creado, relacionado a una \"Read Access Violation on Control Flow starting at COMCTL32!CToolTipsMgr::s_ToolTipsWndProc+0x0000000000000032.\""
}
],
"id": "CVE-2017-10744",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:01.153",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10744"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10744"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a "User Mode Write AV starting at Xfpx!gffGetFormatInfo+0x0000000000012548."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9893 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9893 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a \"User Mode Write AV starting at Xfpx!gffGetFormatInfo+0x0000000000012548.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows en su versi\u00f3n 2.40 permite a atacantes remotos ejecutar c\u00f3digo mediante un archivo .fpx manipulado, relacionado a \"User Mode Write AV comenzado en Xfpx!gffGetFormatInfo+0x0000000000012548.\""
}
],
"id": "CVE-2017-9893",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:04.293",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9893"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9893"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address controls Branch Selection starting at Xfpx!gffGetFormatInfo+0x00000000000228e8."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9905 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9905 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to \"Data from Faulting Address controls Branch Selection starting at Xfpx!gffGetFormatInfo+0x00000000000228e8.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows en su versi\u00f3n 2.40 permite a atacantes remotos causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto no especificado mediante una archivo .fpx manipulado, relacionado a \"Data from Faulting Address controls Branch Selection comenzando en Xfpx!gffGetFormatInfo+0x00000000000228e8.\""
}
],
"id": "CVE-2017-9905",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:04.717",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9905"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9905"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-22 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "Data Execution Prevention Violation starting at xnview+0x0000000000580063."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15787 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15787 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.43:*:*:*:*:*:*:*",
"matchCriteriaId": "D51F98D4-FEA4-4587-96A2-EFF5A8412D06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a \"Data Execution Prevention Violation starting at xnview+0x0000000000580063.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows en su versi\u00f3n 2.43 permite que los atacantes ejecuten c\u00f3digo arbitrario o que provoquen una denegaci\u00f3n de servicio mediante un archivo .dwg manipulado, relacionado con \"Data Execution Prevention Violation starting at xnview+0x0000000000580063\"."
}
],
"id": "CVE-2017-15787",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-22T20:29:02.197",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15787"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15787"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-03-24 18:44
Modified
2025-04-09 00:30
Severity ?
Summary
Buffer overflow in XnView 1.92.1 allows user-assisted remote attackers to execute arbitrary code via a long filename argument on the command line. NOTE: it is unclear whether there are common handler configurations in which this argument is controlled by an attacker.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:1.92.1:*:*:*:*:*:*:*",
"matchCriteriaId": "01370703-08C0-49C3-A7F6-5C223FB146C0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in XnView 1.92.1 allows user-assisted remote attackers to execute arbitrary code via a long filename argument on the command line. NOTE: it is unclear whether there are common handler configurations in which this argument is controlled by an attacker."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en XnView 1.92.1 permite a atacantes remotos ayudados por elme usuario ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un argumento nombre de archivo largo en la l\u00ednea de comandos. NOTA: no est\u00e1 claro si hay configuraciones del gestor com\u00fan en los que este argumento sea controlado por un atacante."
}
],
"id": "CVE-2008-1461",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-03-24T18:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://securityreason.com/securityalert/3761"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.click-internet.fr/index.php?cki=News\u0026news=9"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/489658/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/28259"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41245"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://securityreason.com/securityalert/3761"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.click-internet.fr/index.php?cki=News\u0026news=9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/489658/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/28259"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41245"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at xnview+0x0000000000013a20."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10779 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10779 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at xnview+0x0000000000013a20.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows versi\u00f3n 2.40, podr\u00eda permitir a los atacantes causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto no especificado por medio de un archivo .rle creado, relacionado a \"Data from Faulting Address controls Branch Selection starting at xnview+0x0000000000013a20\"."
}
],
"id": "CVE-2017-10779",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:02.420",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10779"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10779"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 allows user-assisted remote attackers to execute code via a crafted .mkv file that is mishandled during the opening of a directory in "Browser" mode, because of a "User Mode Write AV near NULL" in XnView.exe.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8381 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8381 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows user-assisted remote attackers to execute code via a crafted .mkv file that is mishandled during the opening of a directory in \"Browser\" mode, because of a \"User Mode Write AV near NULL\" in XnView.exe."
},
{
"lang": "es",
"value": "XnView Classic para Windows versi\u00f3n 2.40, permite que los atacantes remotos asistidos por el usuario ejecuten c\u00f3digo por medio de un archivo .mkv especialmente dise\u00f1ado que se maneja inapropiadamente durante la apertura de un directorio en el modo \"Browser\", debido a un \"User Mode Write AV near NULL\" en el archivo XnView.exe."
}
],
"id": "CVE-2017-8381",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:02.920",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8381"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8381"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .bie file, related to a "Read Access Violation on Block Data Move starting at Xjbig+0x000000000000121b."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9914 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9914 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .bie file, related to a \"Read Access Violation on Block Data Move starting at Xjbig+0x000000000000121b.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows en su versi\u00f3n 2.40 permite a un atacante remoto ejecutar c\u00f3digo mediante un archivo .bie modificado, relacionado a un \"Read Access Violation en el Block Data Move que comienza en Xjbig+0x000000000000121b.\""
}
],
"id": "CVE-2017-9914",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:05.043",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9914"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9914"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!memcmp+0x0000000000000018" (without RPC initialization).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10769 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10769 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!memcmp+0x0000000000000018\" (without RPC initialization)."
},
{
"lang": "es",
"value": "XnView Classic para Windows versi\u00f3n 2.40, podr\u00eda permitir a los atacantes causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto no especificado por medio de un archivo .rle creado, relacionado a \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!memcmp+0x0000000000000018\" (sin inicializaci\u00f3n RPC)."
}
],
"id": "CVE-2017-10769",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:02.090",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10769"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10769"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpAllocateHeap+0x0000000000000429."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10761 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10761 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpAllocateHeap+0x0000000000000429.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows versi\u00f3n 2.40, podr\u00eda permitir a los atacantes causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto no especificado por medio de un archivo .rle creado, relacionado a \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpAllocateHeap+0x0000000000000429\"."
}
],
"id": "CVE-2017-10761",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:01.747",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10761"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10761"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-06-30 16:15
Modified
2024-11-21 04:24
Severity ?
Summary
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000026b739.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x26b739.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x26b739.md | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.48:*:*:*:*:*:*:*",
"matchCriteriaId": "570AC220-662F-4446-9611-4B13BC6FDBD3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000026b739."
},
{
"lang": "es",
"value": "XnView Classic versi\u00f3n 2.48, tiene un User Mode Write AV iniciando en de xnview+0x0000000026b739."
}
],
"id": "CVE-2019-13084",
"lastModified": "2024-11-21T04:24:10.237",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-30T16:15:09.840",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x26b739.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x26b739.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at GDI32!GenericEngineGetGlyphs+0x0000000000000133."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10751 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10751 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at GDI32!GenericEngineGetGlyphs+0x0000000000000133.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows versi\u00f3n 2.40, podr\u00eda permitir a los atacantes causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto no especificado por medio de un archivo .rle creado, relacionado a \"Data from Faulting Address controls Branch Selection starting at GDI32!GenericEngineGetGlyphs+0x0000000000000133.\""
}
],
"id": "CVE-2017-10751",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:01.403",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10751"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Possible Stack Corruption starting at Xfpx!gffGetFormatInfo+0x0000000000022e1f."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9907 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9907 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to \"Possible Stack Corruption starting at Xfpx!gffGetFormatInfo+0x0000000000022e1f.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows en su versi\u00f3n 2.40 permite a atacantes remotos causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto no especificado mediante una archivo .fpx manipulado, relacionado a \"Possible Stack Corruption comenzando en Xfpx!gffGetFormatInfo+0x0000000000022e1f.\""
}
],
"id": "CVE-2017-9907",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:04.780",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9907"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9907"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to "Data from Faulting Address controls subsequent Write Address starting at Xfpx!gffGetFormatInfo+0x000000000002bfd5."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9901 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9901 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to \"Data from Faulting Address controls subsequent Write Address starting at Xfpx!gffGetFormatInfo+0x000000000002bfd5.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows en su versi\u00f3n 2.40 permite a atacantes remotos ejecutar c\u00f3digo mediante un archivo .fpx manipulado, relacionado a \"Data from Faulting Address controls subsequent Write Address comenzado en Xfpx!gffGetFormatInfo+0x000000000002bfd5.\""
}
],
"id": "CVE-2017-9901",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:04.577",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9901"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9901"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlAddAccessAllowedAce+0x000000000000027a."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9909 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9909 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlAddAccessAllowedAce+0x000000000000027a.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows en su versi\u00f3n 2.40 permite a un atacante remoto causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto no especificado mediante un archivo .fpx manipulado, relacionado a \"Data from Faulting Address controls Branch Selection comenzado en ntdll_77df0000!RtlAddAccessAllowedAce+0x000000000000027a.\""
}
],
"id": "CVE-2017-9909",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:04.857",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9909"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9909"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-03-15 13:28
Modified
2025-04-11 00:51
Severity ?
Summary
Integer overflow in XnView before 1.97.2 might allow remote attackers to execute arbitrary code via a DICOM image with crafted dimensions, leading to a heap-based buffer overflow.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE50603B-B8C1-451E-B9F2-F54208F553A3",
"versionEndIncluding": "1.97.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.0:a:*:*:*:*:*:*",
"matchCriteriaId": "D1160EF2-C078-4C0A-999B-05B6D42FC65F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "26750A49-32A9-41C4-B4FC-4C53650D5B5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.02:*:*:*:*:*:*:*",
"matchCriteriaId": "E93C259A-6715-468F-A1E1-CF954761EE84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.03:*:*:*:*:*:*:*",
"matchCriteriaId": "70F7DBD6-D249-4D64-B2FB-D486785F26E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.04:*:*:*:*:*:*:*",
"matchCriteriaId": "662F38C4-C400-435E-BCD4-0021AB6FA4FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.05:*:*:*:*:*:*:*",
"matchCriteriaId": "E2B4B6DE-A8D1-4B76-9873-F3FF386B6647",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.05:b:*:*:*:*:*:*",
"matchCriteriaId": "2F17BB19-F2EC-49EA-95FE-55126352D8CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.05:c:*:*:*:*:*:*",
"matchCriteriaId": "BE7CE2C1-5D75-4760-891D-E53409F08A94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.06:*:*:*:*:*:*:*",
"matchCriteriaId": "773D4D55-D241-41DD-A802-90F6B8037544",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.07:*:*:*:*:*:*:*",
"matchCriteriaId": "F39E52FA-38AA-44CD-A027-9189BCD27E78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.08:*:*:*:*:*:*:*",
"matchCriteriaId": "9F5AD70E-6E6A-4D26-BF7B-FDBC169AE62A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.09:*:*:*:*:*:*:*",
"matchCriteriaId": "874FB295-26DC-4BD4-84A7-D396D4B9F8BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "34CE10DC-AC95-4A92-BF18-DE839FEB3EFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7D5D72A3-82A9-44FF-AF40-AE4534DF13D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "EE4D2D41-0934-4F2E-9033-7866342A6148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "0DCC4DC4-FBB3-4B85-B7A1-0FDEE513DA01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "3CA5158C-0F58-4C3D-8E36-61231E1D1F6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "37B04085-8D2F-4DFD-B577-AFDCAA366335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "AD62B251-470E-4D4F-93D2-E87453037CBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "ACB7E1A0-63FD-4608-A070-D4D867671055",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.17:a:*:*:*:*:*:*",
"matchCriteriaId": "28452A67-510F-4D6A-A96D-E51C0DD8B6E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "9B481D02-6F2F-4230-94BB-3EC257993D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4AB44AE2-8FCA-406B-AEE0-E724518CE74E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "41353F26-E155-41D5-9412-4E3FC28F1701",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "55F1494F-8A2C-4362-832B-3B3887794F7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "29E0879C-7580-49ED-93A5-7E072B3B6D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "7ABD9EED-E230-455E-9052-23C08EE392D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.23:*:*:*:*:*:*:*",
"matchCriteriaId": "4D0FA50E-9965-4FA3-BB85-E63CD0824914",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.24:*:*:*:*:*:*:*",
"matchCriteriaId": "02C9ACEF-6B7C-42D5-8D68-04C7915B9039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.25:*:*:*:*:*:*:*",
"matchCriteriaId": "29EF6CFD-A098-41D6-9E8F-9842A9C16048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.25:a:*:*:*:*:*:*",
"matchCriteriaId": "102E7705-5533-4214-ACEE-B7C02CB454E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.30:*:*:*:*:*:*:*",
"matchCriteriaId": "EFB38B70-E59C-42CE-877C-D3322157E483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.31:*:*:*:*:*:*:*",
"matchCriteriaId": "9A159A1F-85FB-4C5C-8D8E-399F30CDA115",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.32:*:*:*:*:*:*:*",
"matchCriteriaId": "67738CAF-186D-4831-AE04-E9E509BBC7EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.33:*:*:*:*:*:*:*",
"matchCriteriaId": "52D407A4-8499-4DA2-99D7-0DE4C5F7F2BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.34:*:*:*:*:*:*:*",
"matchCriteriaId": "F6FECC88-9938-4AD0-889F-559C8F99B5BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.35:*:*:*:*:*:*:*",
"matchCriteriaId": "E4B324FA-DC14-44F8-8B63-0A2C71455726",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.36:*:*:*:*:*:*:*",
"matchCriteriaId": "8B1C31A9-1239-4B22-AAA9-8294714EF677",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.37:*:*:*:*:*:*:*",
"matchCriteriaId": "98E67FA4-9AB4-4A2D-8B61-A90A09FA1484",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.40:*:*:*:*:*:*:*",
"matchCriteriaId": "F988A618-07A7-438C-9FE2-EE2D1C9A1874",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.41:*:*:*:*:*:*:*",
"matchCriteriaId": "24A5B8B1-64FB-4B4D-825C-9F5049F61484",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.45:*:*:*:*:*:*:*",
"matchCriteriaId": "06D2393E-715C-4B26-8868-AB0A71F22CA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.46:*:*:*:*:*:*:*",
"matchCriteriaId": "679BF820-BF6B-4004-9F4D-7CE883456C62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.50:*:*:*:*:*:*:*",
"matchCriteriaId": "C0897791-B53F-4724-80F5-099DA55E2F7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.50.1:*:*:*:*:*:*:*",
"matchCriteriaId": "348D00F9-5BF2-4B16-9DC7-5165E92C8610",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.55:*:*:*:*:*:*:*",
"matchCriteriaId": "6911582E-232F-44D8-82E6-104BD10F93E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.60:*:*:*:*:*:*:*",
"matchCriteriaId": "1CA514C3-D3BA-449E-A3E3-46917666F425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.61:*:*:*:*:*:*:*",
"matchCriteriaId": "6B4D2CAD-8714-4CE4-969B-C157F33C5AA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.65:*:*:*:*:*:*:*",
"matchCriteriaId": "724E0679-4A89-4F7A-AF41-EA9C3A5C7C0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.66:*:*:*:*:*:*:*",
"matchCriteriaId": "4EBA50FC-6C50-42C5-8361-0165C7BE844B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.67:*:*:*:*:*:*:*",
"matchCriteriaId": "38F201D3-52E9-4D1E-9CDF-7224DA766BA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.68:*:*:*:*:*:*:*",
"matchCriteriaId": "66EB8513-6378-49E6-B7F7-52C5FEA40452",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.68.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FF190D40-A8FA-43BA-AE0E-4ED50ED2B14E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.70:*:*:*:*:*:*:*",
"matchCriteriaId": "0E27EB1D-5AE3-4002-829B-6AA0AE8D60F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.70.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB57494-C072-4C99-A0D2-207E2DEA76C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.70.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3A5798EA-8ADC-4632-BBD4-811207EAFCA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.70.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DE2BA7BA-EACB-41C5-9C0C-376678990766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.74:*:*:*:*:*:*:*",
"matchCriteriaId": "A195F27B-4B38-4882-B34C-D729CC8ACB99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.80:*:*:*:*:*:*:*",
"matchCriteriaId": "FC73F60A-D89E-46FE-BA89-EAFE509489D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.80.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5CA0EDE4-DF5A-4152-B113-75E93910F556",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.80.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2427F9F0-76C3-4C53-A794-6C0E839A1BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.80.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D4400B8A-5D9B-4E68-830D-28D70969DDA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.82:*:*:*:*:*:*:*",
"matchCriteriaId": "0E21984E-6830-44B9-BFCD-5EFC9886272E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.82.2:*:*:*:*:*:*:*",
"matchCriteriaId": "16CBF0CE-9CBC-4C12-8061-B186543ABF0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.82.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5B628ABE-2FB9-477E-859A-51AD323BF64D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.82.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7A66BCB0-D555-4627-BADA-806DA84E3167",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.90:*:*:*:*:*:*:*",
"matchCriteriaId": "A2346275-34F4-456E-8A9D-BB5DB24487D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.90.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ACA55EEC-4213-42B6-9C1A-FE9CB076DEBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.90.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D0F3174A-3C30-4FBC-8478-21DA00661F4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.91:*:*:*:*:*:*:*",
"matchCriteriaId": "779BD454-9656-4B71-899E-FE0CC2413435",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.91.1:*:*:*:*:*:*:*",
"matchCriteriaId": "37E3E487-26EC-4843-A80A-B02D6180FCB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.91.2:*:*:*:*:*:*:*",
"matchCriteriaId": "323F2315-A433-4278-B4B1-F089A2F3E31A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.91.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1C8E049E-4353-41A1-AB90-107D4CDB291A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.91.4:*:*:*:*:*:*:*",
"matchCriteriaId": "52354ABE-D603-4D6D-99AA-3EB3CA33DF96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.91.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0E2E41CB-D8AC-4D33-A81D-A66C3CFBE644",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.91.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7B014AC9-6A9B-49AE-806F-DF3683169DA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.92:*:*:*:*:*:*:*",
"matchCriteriaId": "26269B37-EE6D-4829-8100-656AFC6D706D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.92.1:*:*:*:*:*:*:*",
"matchCriteriaId": "01370703-08C0-49C3-A7F6-5C223FB146C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.93:*:*:*:*:*:*:*",
"matchCriteriaId": "222D7302-E49E-4BD8-9E4D-872AA3103A69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.93.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F10DEFA8-377A-434D-A353-4C428A9A13F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.93.2:*:*:*:*:*:*:*",
"matchCriteriaId": "481D1D7F-5A8A-4A5D-A499-A733ACA00CD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.93.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D686020-C181-4F84-8418-C90ABE387D7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.93.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6A9BF2F4-8821-48E8-8421-AF0AA761EF55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.93.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1FB56C26-5E49-47BB-89DE-C501400329FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.94:*:*:*:*:*:*:*",
"matchCriteriaId": "6AE38635-D538-4D61-83D9-61D7D3A89C27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.94.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FC83C981-C43B-4B8E-A912-2F4729F77B97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.94.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7DD418E1-79FA-4942-AB0D-9B45C1368890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.95:*:*:*:*:*:*:*",
"matchCriteriaId": "C0AE1B44-0384-4043-9892-FE57E530BE08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.95.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6BD61FD5-A98B-4793-B7B6-D25307B89F5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.95.2:*:*:*:*:*:*:*",
"matchCriteriaId": "48950A60-115D-4685-B3D2-6AE54AE2737E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.95.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C64D9A65-BE9C-4295-9DAD-B3DB9E915E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.95.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D4996E2-0085-44FE-8C29-A4734A1D61FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.96:*:*:*:*:*:*:*",
"matchCriteriaId": "3C9B7628-C72F-44BD-92BB-2E85DEAA003E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.96.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E05C35C3-3BBA-43FD-AE8D-C132AB6330F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.96.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FB5B1D98-83E7-41C3-84E2-D0552B37644F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.96.5:*:*:*:*:*:*:*",
"matchCriteriaId": "19D77398-388F-420C-94D1-C1EAC1635C02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.97:*:*:*:*:*:*:*",
"matchCriteriaId": "5ACCCCC3-0331-4ABA-9ED8-9C1E1381FE1A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in XnView before 1.97.2 might allow remote attackers to execute arbitrary code via a DICOM image with crafted dimensions, leading to a heap-based buffer overflow."
},
{
"lang": "es",
"value": "Desbordamiento de entero en XnView anterior a v1.97.2, podr\u00eda permitir a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de uba imagen DICOM con unas dimensiones manipuladas, provocando un desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap)."
}
],
"id": "CVE-2009-4001",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-03-15T13:28:25.183",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Patch"
],
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=19469"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://secunia.com/secunia_research/2009-60/"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.osvdb.org/62829"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securityfocus.com/archive/1/509999/100/0/threaded"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securityfocus.com/bid/38629"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56802"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=19469"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/secunia_research/2009-60/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/62829"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/509999/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/38629"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56802"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-22 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "Read Access Violation on Control Flow starting at CADImage+0x0000000000286a76."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15781 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15781 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.43:*:*:*:*:*:*:*",
"matchCriteriaId": "D51F98D4-FEA4-4587-96A2-EFF5A8412D06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a \"Read Access Violation on Control Flow starting at CADImage+0x0000000000286a76.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows en su versi\u00f3n 2.43 permite que los atacantes ejecuten c\u00f3digo arbitrario o que provoquen una denegaci\u00f3n de servicio mediante un archivo .dwg manipulado, relacionado con \"Read Access Violation on Control Flow starting at CADImage+0x0000000000286a76\"."
}
],
"id": "CVE-2017-15781",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-22T20:29:01.977",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15781"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15781"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-27 15:15
Modified
2024-11-21 01:53
Severity ?
Summary
XnView 2.03 has an integer overflow vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| PSIRT-CNA@flexerasoftware.com | http://www.securityfocus.com/bid/61505 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/61505 | Third Party Advisory, VDB Entry |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.03:*:*:*:*:*:*:*",
"matchCriteriaId": "D22AC28A-2350-41AD-847D-423417147005",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView 2.03 has an integer overflow vulnerability"
},
{
"lang": "es",
"value": "XnView versi\u00f3n 2.03, presenta una vulnerabilidad de desbordamiento de enteros."
}
],
"id": "CVE-2013-3493",
"lastModified": "2024-11-21T01:53:44.713",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-27T15:15:11.387",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/61505"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/61505"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 allows user-assisted remote attackers to execute code via a crafted JPEG 2000 file that is mishandled during the opening of a directory in "Browser" mode, because of a "Stack Buffer Overrun" issue.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8781 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8781 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows user-assisted remote attackers to execute code via a crafted JPEG 2000 file that is mishandled during the opening of a directory in \"Browser\" mode, because of a \"Stack Buffer Overrun\" issue."
},
{
"lang": "es",
"value": "XnView Classic para Windows versi\u00f3n 2.40, permite a atacantes remotos asistidos por el usuario ejecutar c\u00f3digo por medio de un archivo JPEG 2000 especialmente dise\u00f1ado que se maneja inapropiadamente durante la apertura de un directorio en el modo \"Browser\", debido a un problema de \"Stack Buffer Overrun\"."
}
],
"id": "CVE-2017-8781",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:03.077",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8781"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8781"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpCreateSplitBlock+0x0000000000000510."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10771 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10771 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpCreateSplitBlock+0x0000000000000510.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows versi\u00f3n 2.40, podr\u00eda permitir a los atacantes causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto no especificado por medio de un archivo .rle creado, relacionado a \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpCreateSplitBlock+0x0000000000000510\"."
}
],
"id": "CVE-2017-10771",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:02.153",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10771"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10771"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at xnview+0x0000000000233125."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10778 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10778 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at xnview+0x0000000000233125.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows versi\u00f3n 2.40, podr\u00eda permitir a los atacantes causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto no especificado por medio de un archivo .rle creado, relacionado a \"Data from Faulting Address controls Branch Selection starting at xnview+0x0000000000233125\"."
}
],
"id": "CVE-2017-10778",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:02.387",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10778"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10778"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-22 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a "Read Access Violation starting at CADImage+0x0000000000285de7."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15778 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15778 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.43:*:*:*:*:*:*:*",
"matchCriteriaId": "D51F98D4-FEA4-4587-96A2-EFF5A8412D06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a \"Read Access Violation starting at CADImage+0x0000000000285de7.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows en su versi\u00f3n 2.43 permite que los atacantes provoquen una denegaci\u00f3n de servicio o, posiblemente, otro impacto sin especificar mediante un archivo .dwg manipulado, relacionado con \"Read Access Violation starting at CADImage+0x0000000000285de7\"."
}
],
"id": "CVE-2017-15778",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-22T20:29:01.867",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15778"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15778"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-04 16:15
Modified
2024-11-21 04:24
Severity ?
Summary
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000327464.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000327464.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000327464.md | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.48:*:*:*:*:*:*:*",
"matchCriteriaId": "570AC220-662F-4446-9611-4B13BC6FDBD3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000327464."
},
{
"lang": "es",
"value": "XnView Classic 2.48 tiene un User Mode Write AV iniciando en xnview+0x0000000000327464."
}
],
"id": "CVE-2019-13255",
"lastModified": "2024-11-21T04:24:33.340",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-04T16:15:11.713",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000327464.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000327464.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 allows user-assisted remote attackers to execute code via a crafted .mov file that is mishandled during the opening of a directory in "Browser" mode, because of a "User Mode Write AV near NULL" in XnView.exe.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8282 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8282 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows user-assisted remote attackers to execute code via a crafted .mov file that is mishandled during the opening of a directory in \"Browser\" mode, because of a \"User Mode Write AV near NULL\" in XnView.exe."
},
{
"lang": "es",
"value": "XnView Classic para Windows versi\u00f3n 2.40, permite a atacantes remotos asistidos por el usuario ejecutar c\u00f3digo por medio de un archivo .mov especialmente dise\u00f1ado que se maneja inapropiadamente durante la apertura de un directorio en modo \"Browser\", debido a un \"User Mode Write AV near NULL\" en el archivo XnView.exe."
}
],
"id": "CVE-2017-8282",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:02.763",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8282"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8282"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-04 16:15
Modified
2024-11-21 04:24
Severity ?
Summary
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000032e566.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x000000000032e566.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x000000000032e566.md | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.48:*:*:*:*:*:*:*",
"matchCriteriaId": "570AC220-662F-4446-9611-4B13BC6FDBD3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000032e566."
},
{
"lang": "es",
"value": "XnView Classic 2.48 tiene un User Mode Write AV iniciando en xnview+0x000000000032e566."
}
],
"id": "CVE-2019-13259",
"lastModified": "2024-11-21T04:24:33.917",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-04T16:15:11.977",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x000000000032e566.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x000000000032e566.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-02 20:15
Modified
2024-11-21 01:54
Severity ?
Summary
Heap-based buffer overflow in xnview.exe in XnView before 2.13 allows remote attackers to execute arbitrary code via the biBitCount field in a BMP file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| PSIRT-CNA@flexerasoftware.com | http://newsgroup.xnview.com/viewtopic.php?f=35&t=29087 | Permissions Required, Vendor Advisory | |
| PSIRT-CNA@flexerasoftware.com | http://secunia.com/advisories/52101 | Not Applicable, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://newsgroup.xnview.com/viewtopic.php?f=35&t=29087 | Permissions Required, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/52101 | Not Applicable, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7CE9A60-E0EA-413A-B058-007F50D879F5",
"versionEndExcluding": "2.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in xnview.exe in XnView before 2.13 allows remote attackers to execute arbitrary code via the biBitCount field in a BMP file."
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria en el archivo xnview.exe en XnView versiones anteriores a 2.13, permite a atacantes remotos ejecutar c\u00f3digo arbitrario por medio del campo biBitCount en un archivo BMP."
}
],
"id": "CVE-2013-3937",
"lastModified": "2024-11-21T01:54:34.460",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-02T20:15:13.927",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=29087"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Not Applicable",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/52101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=29087"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/52101"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-11 18:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Possible Stack Corruption starting at jbig2dec+0x0000000000002fbe."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14276 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14276 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to \"Possible Stack Corruption starting at jbig2dec+0x0000000000002fbe.\""
},
{
"lang": "es",
"value": "XnView Classic 2.40 para Windows permite que los atacantes provoquen una denegaci\u00f3n de servicio o, posiblemente, otro impacto sin especificar mediante un archivo .jb2 manipulado, relacionado con \"Possible Stack Corruption comenzando en jbig2dec+0x0000000000002fbe\"."
}
],
"id": "CVE-2017-14276",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-11T18:29:00.430",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14276"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14276"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpFreeHeap+0x0000000000000393."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9912 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9912 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpFreeHeap+0x0000000000000393.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows en su versi\u00f3n 2.40 permite a atacantes remotos causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto no especificado mediante una archivo .fpx manipulado, relacionado a \"Data from Faulting Address controls Branch Selection comenzando en ntdll_77df0000!RtlpFreeHeap+0x0000000000000393.\""
}
],
"id": "CVE-2017-9912",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:04.983",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9912"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9912"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-11 18:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at jbig2dec+0x000000000000595d."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14272 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14272 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a \"User Mode Write AV starting at jbig2dec+0x000000000000595d.\""
},
{
"lang": "es",
"value": "XnView Classic 2.40 para Windows permite que los atacantes ejecuten c\u00f3digo arbitrario o provoquen una denegaci\u00f3n de servicio mediante un archivo .jb2 manipulado, relacionado con \"User Mode Write AV comenzando en jbig2dec+0x000000000000595d\"."
}
],
"id": "CVE-2017-14272",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-11T18:29:00.287",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14272"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14272"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-22 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "Data Execution Prevention Violation near NULL starting at Unknown Symbol @ 0x0000000000000000 called from CADImage+0x0000000000286a79."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15785 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15785 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.43:*:*:*:*:*:*:*",
"matchCriteriaId": "D51F98D4-FEA4-4587-96A2-EFF5A8412D06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a \"Data Execution Prevention Violation near NULL starting at Unknown Symbol @ 0x0000000000000000 called from CADImage+0x0000000000286a79.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows en su versi\u00f3n 2.43 permite que los atacantes ejecuten c\u00f3digo arbitrario o que provoquen una denegaci\u00f3n de servicio mediante un archivo .dwg manipulado, relacionado con \"Data Execution Prevention Violation near NULL starting at Unknown Symbol @ 0x0000000000000000 called from CADImage+0x0000000000286a79\"."
}
],
"id": "CVE-2017-15785",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-22T20:29:02.117",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15785"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15785"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-08-08 00:29
Modified
2024-11-21 03:50
Severity ?
Summary
XnView 2.45 allows remote attackers to cause a denial of service (User Mode Write AV starting at MSVCR120!memcpy+0x0000000000000074 and application crash) or possibly have unspecified other impact via a crafted RLE file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://code610.blogspot.com/2018/08/updating-xnview.html | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://code610.blogspot.com/2018/08/updating-xnview.html | Exploit, Issue Tracking, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.45:*:*:*:*:*:*:*",
"matchCriteriaId": "99D313B0-7C40-4051-8C00-C626DF13E943",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView 2.45 allows remote attackers to cause a denial of service (User Mode Write AV starting at MSVCR120!memcpy+0x0000000000000074 and application crash) or possibly have unspecified other impact via a crafted RLE file."
},
{
"lang": "es",
"value": "XnView 2.45 permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (AV de escritura del modo de usuario que comienza en MSVCR120!memcpy+0x0000000000000074 y cierre inesperado de la aplicaci\u00f3n) o, posiblemente, otro impacto no especificado mediante un archivo RLE manipulado."
}
],
"id": "CVE-2018-15176",
"lastModified": "2024-11-21T03:50:27.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-08T00:29:02.223",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "http://code610.blogspot.com/2018/08/updating-xnview.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "http://code610.blogspot.com/2018/08/updating-xnview.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV starting at msvcrt!_VEC_memzero+0x000000000000006a."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10736 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10736 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"User Mode Write AV starting at msvcrt!_VEC_memzero+0x000000000000006a.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows versi\u00f3n 2.40, permite a los atacantes ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio por medio de un archivo .rle creado, relacionado a un \"User Mode Write AV starting at msvcrt!_VEC_memzero+0x000000000000006a.\""
}
],
"id": "CVE-2017-10736",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:00.840",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10736"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10736"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-11 18:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at jbig2dec+0x0000000000005940."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14278 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14278 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a \"Read Access Violation starting at jbig2dec+0x0000000000005940.\""
},
{
"lang": "es",
"value": "XnView Classic 2.40 para Windows permite que los atacantes provoquen una denegaci\u00f3n de servicio o, posiblemente, otro impacto sin especificar mediante un archivo .jb2 manipulado, relacionado con \"Read Access Violation comenzando en jbig2dec+0x0000000000005940\"."
}
],
"id": "CVE-2017-14278",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-11T18:29:00.490",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14278"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14278"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to a "Read Access Violation starting at ntdll_77df0000!LdrShutdownProcess+0x0000000000000130."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10776 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10776 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to a \"Read Access Violation starting at ntdll_77df0000!LdrShutdownProcess+0x0000000000000130.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows versi\u00f3n 2.40, podr\u00eda permitir a los atacantes causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto no especificado por medio de un archivo .rle creado, relacionado a una \"Read Access Violation starting at ntdll_77df0000!LdrShutdownProcess+0x0000000000000130\"."
}
],
"id": "CVE-2017-10776",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:02.327",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10776"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10776"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-02 20:15
Modified
2024-11-21 01:54
Severity ?
Summary
Xjp2.dll in XnView before 2.13 allows remote attackers to execute arbitrary code via (1) the Csiz parameter in a SIZ marker, which triggers an incorrect memory allocation, or (2) the lqcd field in a QCD marker in a crafted JPEG2000 file, which leads to a heap-based buffer overflow.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| PSIRT-CNA@flexerasoftware.com | http://newsgroup.xnview.com/viewtopic.php?f=35&t=29087 | Permissions Required, Vendor Advisory | |
| PSIRT-CNA@flexerasoftware.com | http://secunia.com/advisories/52101 | Not Applicable, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://newsgroup.xnview.com/viewtopic.php?f=35&t=29087 | Permissions Required, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/52101 | Not Applicable, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7CE9A60-E0EA-413A-B058-007F50D879F5",
"versionEndExcluding": "2.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Xjp2.dll in XnView before 2.13 allows remote attackers to execute arbitrary code via (1) the Csiz parameter in a SIZ marker, which triggers an incorrect memory allocation, or (2) the lqcd field in a QCD marker in a crafted JPEG2000 file, which leads to a heap-based buffer overflow."
},
{
"lang": "es",
"value": "En la biblioteca Xjp2.dll en XnView versiones anteriores a la versi\u00f3n 2.13, permite a atacantes remotos ejecutar c\u00f3digo arbitrario por medio de (1) el par\u00e1metro Csiz en un marcador SIZ, que desencadena una asignaci\u00f3n de memoria incorrecta, o (2) el campo lqcd en un marcador QCD en un archivo JPEG2000 dise\u00f1ado, lo que conlleva a un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria."
}
],
"id": "CVE-2013-3941",
"lastModified": "2024-11-21T01:54:34.953",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-02T20:15:14.457",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=29087"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Not Applicable",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/52101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=29087"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/52101"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to an "Error Code (0xc000041d) starting at wow64!Wow64NotifyDebugger+0x000000000000001d."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9910 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9910 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to an \"Error Code (0xc000041d) starting at wow64!Wow64NotifyDebugger+0x000000000000001d.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows en su versi\u00f3n 2.40 permite a un atacante remoto causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto no especificado mediante un archivo .fpx manipulado, relacionado a \"Error Code (0xc000041d) comenzado en wow64!Wow64NotifyDebugger+0x000000000000001d.\""
}
],
"id": "CVE-2017-9910",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:04.903",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9910"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9910"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpFindLoadedDllByMapping+0x0000000000000046."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10753 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10753 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpFindLoadedDllByMapping+0x0000000000000046.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows versi\u00f3n 2.40, podr\u00eda permitir a los atacantes causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto no especificado por medio de un archivo .rle creado, relacionado a \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpFindLoadedDllByMapping+0x0000000000000046.\""
}
],
"id": "CVE-2017-10753",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:01.467",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10753"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10753"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at Xfpx!gffGetFormatInfo+0x0000000000028508."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9906 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9906 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to \"Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at Xfpx!gffGetFormatInfo+0x0000000000028508.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows en su versi\u00f3n 2.40 permite a atacantes remotos causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto no especificado mediante una archivo .fpx manipulado, relacionado a \"Data from Faulting Address es usado como uno o m\u00e1s argumentos en una subsecuencia Function Call comenzando en Xfpx!gffGetFormatInfo+0x0000000000028508.\""
}
],
"id": "CVE-2017-9906",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:04.747",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9906"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9906"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-18 17:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at jbig2dec+0x0000000000008823."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14538 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14538 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to \"Data from Faulting Address controls subsequent Write Address starting at jbig2dec+0x0000000000008823.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows en su versi\u00f3n 2.40 permite que los atacantes ejecuten c\u00f3digo arbitrario o provoquen una denegaci\u00f3n de servicio mediante un archivo .jb2 manipulado. Esta vulnerabilidad est\u00e1 relacionada con \"Data from Faulting Address controls subsequent Write Address starting at jbig2dec+0x0000000000008823\"."
}
],
"id": "CVE-2017-14538",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-18T17:29:00.200",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14538"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14538"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV starting at ntdll_77df0000!RtlRbInsertNodeEx+0x000000000000002d."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10740 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10740 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"User Mode Write AV starting at ntdll_77df0000!RtlRbInsertNodeEx+0x000000000000002d.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows versi\u00f3n 2.40, permite a los atacantes ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio por medio de un archivo .rle creado, relacionado a un \"User Mode Write AV starting at ntdll_77df0000!RtlRbInsertNodeEx+0x000000000000002d.\""
}
],
"id": "CVE-2017-10740",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:01.013",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10740"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10740"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-27 15:15
Modified
2024-11-21 01:53
Severity ?
Summary
XnView 2.03 has a stack-based buffer overflow vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| PSIRT-CNA@flexerasoftware.com | http://www.securityfocus.com/bid/61503 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/61503 | Third Party Advisory, VDB Entry |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.03:*:*:*:*:*:*:*",
"matchCriteriaId": "D22AC28A-2350-41AD-847D-423417147005",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView 2.03 has a stack-based buffer overflow vulnerability"
},
{
"lang": "es",
"value": "XnView versi\u00f3n 2.03, presenta una vulnerabilidad de desbordamiento del b\u00fafer en la regi\u00f3n stack de la memoria."
}
],
"id": "CVE-2013-3492",
"lastModified": "2024-11-21T01:53:44.610",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-27T15:15:11.323",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/61503"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/61503"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV starting at xnview+0x000000000022bf8d."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10748 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10748 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"User Mode Write AV starting at xnview+0x000000000022bf8d.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows versi\u00f3n 2.40, permite a los atacantes ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio por medio de un archivo .rle creado, relacionado a un \"User Mode Write AV starting at xnview+0x000000000022bf8d.\""
}
],
"id": "CVE-2017-10748",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:01.293",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10748"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10748"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-02-13 19:55
Modified
2025-04-11 00:51
Severity ?
Summary
Heap-based buffer overflow in Xjp2.dll in the JPEG2000 plug-in in XnView 1.98.5 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:1.98.5:*:*:*:*:*:*:*",
"matchCriteriaId": "824BE980-8766-4322-93CD-1AE271DE7F30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in Xjp2.dll in the JPEG2000 plug-in in XnView 1.98.5 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment."
},
{
"lang": "es",
"value": "Una vulnerabilidad de desbordamiento de buffer basado en memoria din\u00e1mica (Heap) en Xjp2.dll en el JPEG2000 plug-in de XnView v1.98.5 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un JPEG2000 (JP2) con una serie de sesiones de cuantizaci\u00f3n por defecto dise\u00f1ado marcador (QCD)."
}
],
"id": "CVE-2012-1051",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-02-13T19:55:01.193",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/78904"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47352"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/51896"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/78904"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47352"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/51896"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73040"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-11 18:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at jbig2dec+0x0000000000005956."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14277 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14277 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a \"Read Access Violation starting at jbig2dec+0x0000000000005956.\""
},
{
"lang": "es",
"value": "XnView Classic 2.40 para Windows permite que los atacantes provoquen una denegaci\u00f3n de servicio o, posiblemente, otro impacto sin especificar mediante un archivo .jb2 manipulado, relacionado con \"Read Access Violation comenzando en jbig2dec+0x0000000000005956\"."
}
],
"id": "CVE-2017-14277",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-11T18:29:00.460",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14277"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14277"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-22 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to "Data from Faulting Address controls Code Flow starting at CADImage+0x0000000000221a9a."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15774 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15774 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.43:*:*:*:*:*:*:*",
"matchCriteriaId": "D51F98D4-FEA4-4587-96A2-EFF5A8412D06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to \"Data from Faulting Address controls Code Flow starting at CADImage+0x0000000000221a9a.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows en su versi\u00f3n 2.43 permite que los atacantes ejecuten c\u00f3digo arbitrario o que provoquen una denegaci\u00f3n de servicio mediante un archivo .dwg manipulado. Esta vulnerabilidad est\u00e1 relacionada con \"Data from Faulting Address controls Code Flow starting at CADImage+0x0000000000221a9a\"."
}
],
"id": "CVE-2017-15774",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-22T20:29:01.727",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15774"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15774"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "Stack Buffer Overrun (/GS Exception) starting at ntdll_77df0000!RtlProcessFlsData+0x00000000000000b0."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10745 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10745 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"Stack Buffer Overrun (/GS Exception) starting at ntdll_77df0000!RtlProcessFlsData+0x00000000000000b0.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows versi\u00f3n 2.40, permite a los atacantes ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio por medio de un archivo .rle creado, relacionado a un \"Stack Buffer Overrun (/GS Exception) starting at ntdll_77df0000!RtlProcessFlsData+0x00000000000000b0.\""
}
],
"id": "CVE-2017-10745",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:01.187",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10745"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10745"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpLowFragHeapFree+0x000000000000001f."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9904 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9904 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpLowFragHeapFree+0x000000000000001f.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows en su versi\u00f3n 2.40 permite a atacantes remotos causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto no especificado mediante una archivo .fpx manipulado, relacionado a \"Data from Faulting Address controls Branch Selection comenzando en ntdll_77df0000!RtlpLowFragHeapFree+0x000000000000001f.\""
}
],
"id": "CVE-2017-9904",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:04.670",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9904"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9904"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-11 14:15
Modified
2024-11-21 06:00
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Buffer Overflow vulnerability in XNView before 2.50, allows local attackers to execute arbitrary code via crafted GEM bitmap file.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51CFE50E-3655-4CC4-942C-7657EC38E5CC",
"versionEndExcluding": "2.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in XNView before 2.50, allows local attackers to execute arbitrary code via crafted GEM bitmap file."
}
],
"id": "CVE-2021-28835",
"lastModified": "2024-11-21T06:00:18.043",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-11T14:15:12.730",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=44679"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://www.xnview.com/en/xnview/#changelog"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=44679"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://www.xnview.com/en/xnview/#changelog"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-18 17:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .svg file, related to "Data from Faulting Address controls Branch Selection starting at CADImage+0x000000000001f23e."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14541 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14541 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .svg file, related to \"Data from Faulting Address controls Branch Selection starting at CADImage+0x000000000001f23e.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows en su versi\u00f3n 2.40 permite que los atacantes provoquen una denegaci\u00f3n de servicio o, posiblemente, otro impacto sin especificar mediante un archivo .svg manipulado. Esta vulnerabilidad est\u00e1 relacionada con Data from Faulting Address controls Branch Selection starting at CADImage+0x000000000001f23e\"."
}
],
"id": "CVE-2017-14541",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-18T17:29:00.310",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14541"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14541"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-12-12 01:40
Modified
2025-08-15 18:31
Severity ?
Summary
XnSoft XnView Classic RWZ File Parsing Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of XnSoft XnView Classic. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of RWZ files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22913.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| zdi-disclosures@trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-24-1640/ | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.51.5:*:*:*:classic:*:*:*",
"matchCriteriaId": "1D0AE2D0-3745-4466-AD5C-A90CC11D56D8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnSoft XnView Classic RWZ File Parsing Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of XnSoft XnView Classic. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\n\nThe specific flaw exists within the parsing of RWZ files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22913."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por desbordamiento de enteros en el an\u00e1lisis de archivos RWZ de XnSoft XnView Classic. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de XnSoft XnView Classic. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos RWZ. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar un desbordamiento de enteros antes de escribir en la memoria. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-22913."
}
],
"id": "CVE-2024-11950",
"lastModified": "2025-08-15T18:31:26.100",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-12-12T01:40:21.820",
"references": [
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1640/"
}
],
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-191"
}
],
"source": "zdi-disclosures@trendmicro.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "Data Execution Prevention Violation starting at Unknown Symbol @ 0x00000000380a0500 called from ntdll_77df0000!LdrxCallInitRoutine+0x0000000000000016."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10742 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10742 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"Data Execution Prevention Violation starting at Unknown Symbol @ 0x00000000380a0500 called from ntdll_77df0000!LdrxCallInitRoutine+0x0000000000000016.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows versi\u00f3n 2.40, permite a los atacantes ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio por medio de un archivo .rle creado, relacionado a una \"Data Execution Prevention Violation starting at Unknown Symbol @ 0x00000000380a0500 called from ntdll_77df0000!LdrxCallInitRoutine+0x0000000000000016.\""
}
],
"id": "CVE-2017-10742",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:01.090",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10742"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10742"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpInsertDependencyRecord+0x0000000000000039."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10759 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10759 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpInsertDependencyRecord+0x0000000000000039.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows versi\u00f3n 2.40, podr\u00eda permitir a los atacantes causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto no especificado por medio de un archivo .rle creado, relacionado a \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpInsertDependencyRecord+0x0000000000000039\"."
}
],
"id": "CVE-2017-10759",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:01.670",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10759"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10759"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at KERNELBASE!StateObjectListFind+0x0000000000000005."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10767 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10767 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at KERNELBASE!StateObjectListFind+0x0000000000000005.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows versi\u00f3n 2.40, podr\u00eda permitir a los atacantes causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto no especificado por medio de un archivo .rle creado, relacionado a \"Data from Faulting Address controls Branch Selection starting at KERNELBASE!StateObjectListFind+0x0000000000000005\"."
}
],
"id": "CVE-2017-10767",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:02.013",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10767"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10767"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at MSCTF!_CtfImeCreateThreadMgr+0x00000000000000a8."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10773 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10773 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at MSCTF!_CtfImeCreateThreadMgr+0x00000000000000a8.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows versi\u00f3n 2.40, podr\u00eda permitir a los atacantes causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto no especificado por medio de un archivo .rle creado, relacionado a \"Data from Faulting Address controls Branch Selection starting at MSCTF!_CtfImeCreateThreadMgr+0x00000000000000a8\"."
}
],
"id": "CVE-2017-10773",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:02.217",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10773"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10773"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at GDI32!ScriptStringAnalyse+0x00000000000001c8."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10766 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10766 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at GDI32!ScriptStringAnalyse+0x00000000000001c8.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows versi\u00f3n 2.40, podr\u00eda permitir a los atacantes causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto no especificado por medio de un archivo .rle creado, relacionado a \"Data from Faulting Address controls Branch Selection starting at GDI32!ScriptStringAnalyse+0x00000000000001c8\"."
}
],
"id": "CVE-2017-10766",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:01.983",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10766"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10766"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-05-09 10:33
Modified
2025-04-11 00:51
Severity ?
Summary
Integer overflow in XnViewer (aka XnView) before 1.98.5 allows remote attackers to execute arbitrary code via a crafted file containing PSD record types, a different vulnerability than CVE-2012-0684.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A680CAE-6D19-436D-8748-69A628CBF0B2",
"versionEndIncluding": "1.98.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.0:a:*:*:*:*:*:*",
"matchCriteriaId": "D1160EF2-C078-4C0A-999B-05B6D42FC65F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "26750A49-32A9-41C4-B4FC-4C53650D5B5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.02:*:*:*:*:*:*:*",
"matchCriteriaId": "E93C259A-6715-468F-A1E1-CF954761EE84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.03:*:*:*:*:*:*:*",
"matchCriteriaId": "70F7DBD6-D249-4D64-B2FB-D486785F26E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.04:*:*:*:*:*:*:*",
"matchCriteriaId": "662F38C4-C400-435E-BCD4-0021AB6FA4FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.05:*:*:*:*:*:*:*",
"matchCriteriaId": "E2B4B6DE-A8D1-4B76-9873-F3FF386B6647",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.05:b:*:*:*:*:*:*",
"matchCriteriaId": "2F17BB19-F2EC-49EA-95FE-55126352D8CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.05:c:*:*:*:*:*:*",
"matchCriteriaId": "BE7CE2C1-5D75-4760-891D-E53409F08A94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.06:*:*:*:*:*:*:*",
"matchCriteriaId": "773D4D55-D241-41DD-A802-90F6B8037544",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.07:*:*:*:*:*:*:*",
"matchCriteriaId": "F39E52FA-38AA-44CD-A027-9189BCD27E78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.08:*:*:*:*:*:*:*",
"matchCriteriaId": "9F5AD70E-6E6A-4D26-BF7B-FDBC169AE62A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.09:*:*:*:*:*:*:*",
"matchCriteriaId": "874FB295-26DC-4BD4-84A7-D396D4B9F8BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "34CE10DC-AC95-4A92-BF18-DE839FEB3EFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7D5D72A3-82A9-44FF-AF40-AE4534DF13D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "EE4D2D41-0934-4F2E-9033-7866342A6148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "0DCC4DC4-FBB3-4B85-B7A1-0FDEE513DA01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "3CA5158C-0F58-4C3D-8E36-61231E1D1F6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "37B04085-8D2F-4DFD-B577-AFDCAA366335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "AD62B251-470E-4D4F-93D2-E87453037CBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "ACB7E1A0-63FD-4608-A070-D4D867671055",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.17:a:*:*:*:*:*:*",
"matchCriteriaId": "28452A67-510F-4D6A-A96D-E51C0DD8B6E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "9B481D02-6F2F-4230-94BB-3EC257993D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4AB44AE2-8FCA-406B-AEE0-E724518CE74E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "41353F26-E155-41D5-9412-4E3FC28F1701",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "55F1494F-8A2C-4362-832B-3B3887794F7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "29E0879C-7580-49ED-93A5-7E072B3B6D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "7ABD9EED-E230-455E-9052-23C08EE392D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.23:*:*:*:*:*:*:*",
"matchCriteriaId": "4D0FA50E-9965-4FA3-BB85-E63CD0824914",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.24:*:*:*:*:*:*:*",
"matchCriteriaId": "02C9ACEF-6B7C-42D5-8D68-04C7915B9039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.25:*:*:*:*:*:*:*",
"matchCriteriaId": "29EF6CFD-A098-41D6-9E8F-9842A9C16048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.25:a:*:*:*:*:*:*",
"matchCriteriaId": "102E7705-5533-4214-ACEE-B7C02CB454E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.30:*:*:*:*:*:*:*",
"matchCriteriaId": "EFB38B70-E59C-42CE-877C-D3322157E483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.31:*:*:*:*:*:*:*",
"matchCriteriaId": "9A159A1F-85FB-4C5C-8D8E-399F30CDA115",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.32:*:*:*:*:*:*:*",
"matchCriteriaId": "67738CAF-186D-4831-AE04-E9E509BBC7EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.33:*:*:*:*:*:*:*",
"matchCriteriaId": "52D407A4-8499-4DA2-99D7-0DE4C5F7F2BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.34:*:*:*:*:*:*:*",
"matchCriteriaId": "F6FECC88-9938-4AD0-889F-559C8F99B5BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.35:*:*:*:*:*:*:*",
"matchCriteriaId": "E4B324FA-DC14-44F8-8B63-0A2C71455726",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.36:*:*:*:*:*:*:*",
"matchCriteriaId": "8B1C31A9-1239-4B22-AAA9-8294714EF677",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.37:*:*:*:*:*:*:*",
"matchCriteriaId": "98E67FA4-9AB4-4A2D-8B61-A90A09FA1484",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.40:*:*:*:*:*:*:*",
"matchCriteriaId": "F988A618-07A7-438C-9FE2-EE2D1C9A1874",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.41:*:*:*:*:*:*:*",
"matchCriteriaId": "24A5B8B1-64FB-4B4D-825C-9F5049F61484",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.45:*:*:*:*:*:*:*",
"matchCriteriaId": "06D2393E-715C-4B26-8868-AB0A71F22CA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.46:*:*:*:*:*:*:*",
"matchCriteriaId": "679BF820-BF6B-4004-9F4D-7CE883456C62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.50:*:*:*:*:*:*:*",
"matchCriteriaId": "C0897791-B53F-4724-80F5-099DA55E2F7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.50.1:*:*:*:*:*:*:*",
"matchCriteriaId": "348D00F9-5BF2-4B16-9DC7-5165E92C8610",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.55:*:*:*:*:*:*:*",
"matchCriteriaId": "6911582E-232F-44D8-82E6-104BD10F93E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.60:*:*:*:*:*:*:*",
"matchCriteriaId": "1CA514C3-D3BA-449E-A3E3-46917666F425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.61:*:*:*:*:*:*:*",
"matchCriteriaId": "6B4D2CAD-8714-4CE4-969B-C157F33C5AA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.65:*:*:*:*:*:*:*",
"matchCriteriaId": "724E0679-4A89-4F7A-AF41-EA9C3A5C7C0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.66:*:*:*:*:*:*:*",
"matchCriteriaId": "4EBA50FC-6C50-42C5-8361-0165C7BE844B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.67:*:*:*:*:*:*:*",
"matchCriteriaId": "38F201D3-52E9-4D1E-9CDF-7224DA766BA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.68:*:*:*:*:*:*:*",
"matchCriteriaId": "66EB8513-6378-49E6-B7F7-52C5FEA40452",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.68.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FF190D40-A8FA-43BA-AE0E-4ED50ED2B14E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.70:*:*:*:*:*:*:*",
"matchCriteriaId": "0E27EB1D-5AE3-4002-829B-6AA0AE8D60F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.70.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB57494-C072-4C99-A0D2-207E2DEA76C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.70.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3A5798EA-8ADC-4632-BBD4-811207EAFCA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.70.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DE2BA7BA-EACB-41C5-9C0C-376678990766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.74:*:*:*:*:*:*:*",
"matchCriteriaId": "A195F27B-4B38-4882-B34C-D729CC8ACB99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.80:*:*:*:*:*:*:*",
"matchCriteriaId": "FC73F60A-D89E-46FE-BA89-EAFE509489D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.80.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5CA0EDE4-DF5A-4152-B113-75E93910F556",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.80.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2427F9F0-76C3-4C53-A794-6C0E839A1BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.80.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D4400B8A-5D9B-4E68-830D-28D70969DDA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.82:*:*:*:*:*:*:*",
"matchCriteriaId": "0E21984E-6830-44B9-BFCD-5EFC9886272E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.82.2:*:*:*:*:*:*:*",
"matchCriteriaId": "16CBF0CE-9CBC-4C12-8061-B186543ABF0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.82.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5B628ABE-2FB9-477E-859A-51AD323BF64D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.82.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7A66BCB0-D555-4627-BADA-806DA84E3167",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.90:*:*:*:*:*:*:*",
"matchCriteriaId": "A2346275-34F4-456E-8A9D-BB5DB24487D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.90.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ACA55EEC-4213-42B6-9C1A-FE9CB076DEBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.90.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D0F3174A-3C30-4FBC-8478-21DA00661F4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.91:*:*:*:*:*:*:*",
"matchCriteriaId": "779BD454-9656-4B71-899E-FE0CC2413435",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.91.1:*:*:*:*:*:*:*",
"matchCriteriaId": "37E3E487-26EC-4843-A80A-B02D6180FCB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.91.2:*:*:*:*:*:*:*",
"matchCriteriaId": "323F2315-A433-4278-B4B1-F089A2F3E31A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.91.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1C8E049E-4353-41A1-AB90-107D4CDB291A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.91.4:*:*:*:*:*:*:*",
"matchCriteriaId": "52354ABE-D603-4D6D-99AA-3EB3CA33DF96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.91.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0E2E41CB-D8AC-4D33-A81D-A66C3CFBE644",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.91.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7B014AC9-6A9B-49AE-806F-DF3683169DA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.92:*:*:*:*:*:*:*",
"matchCriteriaId": "26269B37-EE6D-4829-8100-656AFC6D706D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.92.1:*:*:*:*:*:*:*",
"matchCriteriaId": "01370703-08C0-49C3-A7F6-5C223FB146C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.93:*:*:*:*:*:*:*",
"matchCriteriaId": "222D7302-E49E-4BD8-9E4D-872AA3103A69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.93.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F10DEFA8-377A-434D-A353-4C428A9A13F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.93.2:*:*:*:*:*:*:*",
"matchCriteriaId": "481D1D7F-5A8A-4A5D-A499-A733ACA00CD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.93.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D686020-C181-4F84-8418-C90ABE387D7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.93.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6A9BF2F4-8821-48E8-8421-AF0AA761EF55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.93.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1FB56C26-5E49-47BB-89DE-C501400329FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.94:*:*:*:*:*:*:*",
"matchCriteriaId": "6AE38635-D538-4D61-83D9-61D7D3A89C27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.94.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FC83C981-C43B-4B8E-A912-2F4729F77B97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.94.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7DD418E1-79FA-4942-AB0D-9B45C1368890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.95:*:*:*:*:*:*:*",
"matchCriteriaId": "C0AE1B44-0384-4043-9892-FE57E530BE08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.95.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6BD61FD5-A98B-4793-B7B6-D25307B89F5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.95.2:*:*:*:*:*:*:*",
"matchCriteriaId": "48950A60-115D-4685-B3D2-6AE54AE2737E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.95.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C64D9A65-BE9C-4295-9DAD-B3DB9E915E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.95.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D4996E2-0085-44FE-8C29-A4734A1D61FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.96:*:*:*:*:*:*:*",
"matchCriteriaId": "3C9B7628-C72F-44BD-92BB-2E85DEAA003E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.96.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E05C35C3-3BBA-43FD-AE8D-C132AB6330F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.96.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FB5B1D98-83E7-41C3-84E2-D0552B37644F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.96.5:*:*:*:*:*:*:*",
"matchCriteriaId": "19D77398-388F-420C-94D1-C1EAC1635C02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.97:*:*:*:*:*:*:*",
"matchCriteriaId": "5ACCCCC3-0331-4ABA-9ED8-9C1E1381FE1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.97.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2D55F2D9-720C-4FC5-AC12-DB26A3F90F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.97.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D80CC7A1-8F73-4941-933D-F7CBA286E0CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.97.4:*:*:*:*:*:*:*",
"matchCriteriaId": "ABB36873-6A5F-4E2D-A5D4-053B45C38987",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in XnViewer (aka XnView) before 1.98.5 allows remote attackers to execute arbitrary code via a crafted file containing PSD record types, a different vulnerability than CVE-2012-0684."
},
{
"lang": "es",
"value": "Desbordamiento de entero en XnViewer (tambi\u00e9n conocido como XnView) antes de v1.98.5, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo modificado que contiene los tipos de registro PSD, una vulnerabilidad diferente de CVE-2012-0684."
}
],
"id": "CVE-2012-0685",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-05-09T10:33:14.957",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://technet.microsoft.com/en-us/security/msvr/msvr12-001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://technet.microsoft.com/en-us/security/msvr/msvr12-001"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-07-17 21:55
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple heap-based buffer overflows in XnView before 1.99 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a (1) SGI32LogLum compressed TIFF image or (2) SGI32LogLum compressed TIFF image with the PhotometricInterpretation encoding set to LogL.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B5EA72D-BC3C-47E5-9EDF-A17310EB59FC",
"versionEndIncluding": "1.98.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple heap-based buffer overflows in XnView before 1.99 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a (1) SGI32LogLum compressed TIFF image or (2) SGI32LogLum compressed TIFF image with the PhotometricInterpretation encoding set to LogL."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de buffer de memoria din\u00e1mica en XnView anterior a v1.99 permite a los atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de un (1) imagen SGI32LogLum TIFF comprimido o (2) SGI32LogLum imagen TIFF comprimido con el conjunto de codificaci\u00f3n photometricinterpretation a logL."
}
],
"id": "CVE-2012-0276",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-07-17T21:55:01.193",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=25858"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/48666"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/19337"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/19338"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=48"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=49"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=25858"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/48666"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/19337"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/19338"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=48"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=49"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-11 18:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at jbig2dec+0x000000000000571d."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14280 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14280 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to \"Data from Faulting Address controls Branch Selection starting at jbig2dec+0x000000000000571d.\""
},
{
"lang": "es",
"value": "XnView Classic 2.40 para Windows permite que los atacantes provoquen una denegaci\u00f3n de servicio o, posiblemente, otro impacto sin especificar mediante un archivo .jb2 manipulado, relacionado con \"Data from Faulting Address controls Branch Selection comenzando en jbig2dec+0x000000000000571d\"."
}
],
"id": "CVE-2017-14280",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-11T18:29:00.600",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14280"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14280"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-11 14:15
Modified
2024-11-21 05:59
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Buffer Overflow vulnerability in XNView version 2.49.3, allows local attackers to execute arbitrary code via crafted TIFF file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://newsgroup.xnview.com/viewtopic.php?f=35&t=41035 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://newsgroup.xnview.com/viewtopic.php?f=35&t=41035 | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.49.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F6DCF879-9E32-4856-86A1-5BDAC9F08F62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in XNView version 2.49.3, allows local attackers to execute arbitrary code via crafted TIFF file."
}
],
"id": "CVE-2021-28427",
"lastModified": "2024-11-21T05:59:39.100",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-11T14:15:12.587",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=41035"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=41035"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-04 16:15
Modified
2024-11-21 04:24
Severity ?
Summary
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x00000000003273aa.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x00000000003273aa.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x00000000003273aa.md | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.48:*:*:*:*:*:*:*",
"matchCriteriaId": "570AC220-662F-4446-9611-4B13BC6FDBD3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x00000000003273aa."
},
{
"lang": "es",
"value": "XnView Classic 2.48 tiene un User Mode Write AV iniciando en xnview+0x00000000003273aa."
}
],
"id": "CVE-2019-13257",
"lastModified": "2024-11-21T04:24:33.633",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-04T16:15:11.853",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x00000000003273aa.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x00000000003273aa.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!TpAllocCleanupGroup+0x00000000000003d7."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9913 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9913 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!TpAllocCleanupGroup+0x00000000000003d7.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows en su versi\u00f3n 2.40 permite a un atacante remoto provocar una denegaci\u00f3n de servicio o la posibilidad de otro impacto no especificado mediante un archivo .fpx manipulado, relacionado a \"Data from Faulting Address controls Selection comenzado en ntdll_77df0000!TpAllocCleanupGroup+0x00000000000003d7.\""
}
],
"id": "CVE-2017-9913",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:05.013",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9913"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9913"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-07-09 14:55
Modified
2025-04-12 10:46
Severity ?
Summary
Heap-based buffer overflow in the xjpegls.dll (aka JLS, JPEG-LS, or JPEG lossless) format plugin in XnView 1.99 and 1.99.1 allows remote attackers to execute arbitrary code via a crafted JLS image file.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:1.99:*:*:*:*:*:*:*",
"matchCriteriaId": "631010D0-E262-404A-A95E-1B1EADB9947D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.99.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D4738D2D-C1A0-45FB-B3CC-E0164C562F04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the xjpegls.dll (aka JLS, JPEG-LS, or JPEG lossless) format plugin in XnView 1.99 and 1.99.1 allows remote attackers to execute arbitrary code via a crafted JLS image file."
},
{
"lang": "es",
"value": "Desbordamiento de buffer basado en memoria din\u00e1mica en el plugin de formato xjpegls.dll (tambi\u00e9n conocido como JLS, JPEG-LS o JPEG lossless) en XnView 1.99 y 1.99.1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un fichero de imagen JLS manipulado."
}
],
"id": "CVE-2012-4988",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-07-09T14:55:03.327",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/show/osvdb/85893"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2012/Oct/36"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/50825"
},
{
"source": "cve@mitre.org",
"url": "http://www.reactionpenetrationtesting.co.uk/xnview-jls-heap.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/55787"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79030"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/21741/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/show/osvdb/85893"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2012/Oct/36"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/50825"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.reactionpenetrationtesting.co.uk/xnview-jls-heap.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/55787"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79030"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/21741/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a "User Mode Write AV starting at Xfpx+0x0000000000004efd."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9529 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9529 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a \"User Mode Write AV starting at Xfpx+0x0000000000004efd.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows versi\u00f3n 2.40, permite a atacantes remotos ejecutar c\u00f3digo por medio de un archivo .fpx especialmente dise\u00f1ado, relacionado a un \"User Mode Write AV starting at Xfpx+0x0000000000004efd.\""
}
],
"id": "CVE-2017-9529",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:03.247",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9529"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9529"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-11 18:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at ntdll_77400000!RtlInterlockedPopEntrySList+0x00000000000003b0."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14273 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14273 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a \"User Mode Write AV starting at ntdll_77400000!RtlInterlockedPopEntrySList+0x00000000000003b0.\""
},
{
"lang": "es",
"value": "XnView Classic 2.40 para Windows permite que los atacantes ejecuten c\u00f3digo arbitrario o provoquen una denegaci\u00f3n de servicio mediante un archivo .jb2 manipulado, relacionado con \"User Mode Write AV a partir de ntdll_77400000!RtlInterlockedPopEntrySList+0x00000000000003b0\"."
}
],
"id": "CVE-2017-14273",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-11T18:29:00.320",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14273"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14273"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-07-17 21:55
Modified
2025-04-11 00:51
Severity ?
Summary
Heap-based buffer overflow in XnView before 1.99 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PCT image.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B5EA72D-BC3C-47E5-9EDF-A17310EB59FC",
"versionEndIncluding": "1.98.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in XnView before 1.99 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PCT image."
},
{
"lang": "es",
"value": "Desbordamiento de bufer basado en memoria din\u00e1mica (heap) en XnView anterior a v1.99 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de una elaborada imagen de PCT."
}
],
"id": "CVE-2012-0277",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-07-17T21:55:01.240",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=25858"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/48666"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.exploit-db.com/exploits/19336"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=50"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=25858"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/48666"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.exploit-db.com/exploits/19336"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.protekresearchlab.com/index.php?option=com_content\u0026view=article\u0026id=50"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-22 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a "Read Access Violation starting at CADImage+0x00000000001a78db."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15786 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15786 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.43:*:*:*:*:*:*:*",
"matchCriteriaId": "D51F98D4-FEA4-4587-96A2-EFF5A8412D06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a \"Read Access Violation starting at CADImage+0x00000000001a78db.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows en su versi\u00f3n 2.43 permite que los atacantes provoquen una denegaci\u00f3n de servicio o, posiblemente, otro impacto sin especificar mediante un archivo .dwg manipulado, relacionado con \"Read Access Violation starting at CADImage+0x00000000001a78db\"."
}
],
"id": "CVE-2017-15786",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-22T20:29:02.150",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15786"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15786"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-02 20:15
Modified
2024-11-21 01:53
Severity ?
Summary
Heap-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted RLE compressed layer in an XCF file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| PSIRT-CNA@flexerasoftware.com | http://www.fuzzmyapp.com/advisories/FMA-2013-003/FMA-2013-003-EN.xml | Exploit, Third Party Advisory | |
| PSIRT-CNA@flexerasoftware.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/84642 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.fuzzmyapp.com/advisories/FMA-2013-003/FMA-2013-003-EN.xml | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/84642 | Third Party Advisory, VDB Entry |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5097A532-AC70-40C3-B213-015C41F5BCF2",
"versionEndExcluding": "2.03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted RLE compressed layer in an XCF file."
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria en el archivo xnview.exe en XnView versiones anteriores a la versi\u00f3n 2.03, permite a atacantes remotos ejecutar c\u00f3digo arbitrario por medio de una capa comprimida de RLE dise\u00f1ada en un archivo XCF."
}
],
"id": "CVE-2013-3247",
"lastModified": "2024-11-21T01:53:16.083",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-02T20:15:12.460",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://www.fuzzmyapp.com/advisories/FMA-2013-003/FMA-2013-003-EN.xml"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84642"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://www.fuzzmyapp.com/advisories/FMA-2013-003/FMA-2013-003-EN.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84642"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to a "Read Access Violation starting at GDI32!ScriptGetCMapWithSurrogate+0x00000000000001cb."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10775 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10775 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to a \"Read Access Violation starting at GDI32!ScriptGetCMapWithSurrogate+0x00000000000001cb.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows versi\u00f3n 2.40, podr\u00eda permitir a los atacantes causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto no especificado por medio de un archivo .rle creado, relacionado a una \"Read Access Violation starting at GDI32!ScriptGetCMapWithSurrogate+0x00000000000001cb\"."
}
],
"id": "CVE-2017-10775",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:02.277",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10775"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10775"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to a "Read Access Violation starting at Xfpx+0x000000000000d6da."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9908 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9908 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to a \"Read Access Violation starting at Xfpx+0x000000000000d6da.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows en su versi\u00f3n 2.40 permite a un atacante remoto causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto no especificado mediante un archivo .fpx manipulado, relacionado a \"Read Access Violation comenzado en Xfpx+0x000000000000d6da.\""
}
],
"id": "CVE-2017-9908",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:04.827",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9908"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9908"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-10-08 12:15
Modified
2024-11-21 04:31
Severity ?
Summary
XnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0000000000001e51.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/linhlhq/research/blob/master/README.md | Third Party Advisory | |
| cve@mitre.org | https://www.xnview.com/en/xnview/#changelog | Release Notes | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/linhlhq/research/blob/master/README.md | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.xnview.com/en/xnview/#changelog | Release Notes |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.49.1:*:*:*:classic:*:*:*",
"matchCriteriaId": "C25BF202-9432-4E32-9055-1F0798D32683",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0000000000001e51."
},
{
"lang": "es",
"value": "XnView Classic versi\u00f3n 2.49.1, permite un User Mode Write AV que inicia en Xwsq+0x0000000000001e51."
}
],
"id": "CVE-2019-17261",
"lastModified": "2024-11-21T04:31:58.823",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-08T12:15:12.107",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/linhlhq/research/blob/master/README.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://www.xnview.com/en/xnview/#changelog"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/linhlhq/research/blob/master/README.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://www.xnview.com/en/xnview/#changelog"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpRemoveUCRBlock+0x0000000000000046."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10756 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10756 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpRemoveUCRBlock+0x0000000000000046.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows versi\u00f3n 2.40, podr\u00eda permitir a los atacantes causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto no especificado por medio de un archivo .rle creado, relacionado a \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpRemoveUCRBlock+0x0000000000000046.\""
}
],
"id": "CVE-2017-10756",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:01.577",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10756"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10756"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!memcmp+0x0000000000000018" (with RPC initialization).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10772 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10772 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!memcmp+0x0000000000000018\" (with RPC initialization)."
},
{
"lang": "es",
"value": "XnView Classic para Windows versi\u00f3n 2.40, podr\u00eda permitir a los atacantes causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto no especificado por medio de un archivo .rle creado, relacionado a \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!memcmp+0x0000000000000018\" (con inicializaci\u00f3n RPC)."
}
],
"id": "CVE-2017-10772",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:02.187",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10772"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10772"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpAllocateHeap+0x000000000000042f."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10762 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10762 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpAllocateHeap+0x000000000000042f.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows versi\u00f3n 2.40, podr\u00eda permitir a los atacantes causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto no especificado por medio de un archivo .rle creado, relacionado a \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpAllocateHeap+0x000000000000042f\"."
}
],
"id": "CVE-2017-10762",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:01.777",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10762"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10762"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-11 18:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at ntdll_77400000!RtlFillMemoryUlong+0x0000000000000010."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14270 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14270 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a \"User Mode Write AV starting at ntdll_77400000!RtlFillMemoryUlong+0x0000000000000010.\""
},
{
"lang": "es",
"value": "XnView Classic 2.40 para Windows permite que los atacantes ejecuten c\u00f3digo arbitrario o provoquen una denegaci\u00f3n de servicio mediante un archivo .jb2 manipulado, relacionado con \"User Mode Write AV comenzando en ntdll_77400000!RtlFillMemoryUlong+0x0000000000000010\"."
}
],
"id": "CVE-2017-14270",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-11T18:29:00.210",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14270"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14270"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a "User Mode Write AV starting at Xfpx+0x0000000000004cbb."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9898 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9898 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a \"User Mode Write AV starting at Xfpx+0x0000000000004cbb.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows en su versi\u00f3n 2.40 permite a atacantes remotos ejecutar c\u00f3digo mediante un archivo .fpx manipulado, relacionado a \"User Mode Write AV comenzado en Xfpx+0x0000000000004cbb.\""
}
],
"id": "CVE-2017-9898",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:04.467",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9898"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9898"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-04 16:15
Modified
2024-11-21 04:24
Severity ?
Summary
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000385474.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000385474.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000385474.md | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.48:*:*:*:*:*:*:*",
"matchCriteriaId": "570AC220-662F-4446-9611-4B13BC6FDBD3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000385474."
},
{
"lang": "es",
"value": "XnView Classic 2.48 tiene un User Mode Write AV iniciando en xnview+0x0000000000385474."
}
],
"id": "CVE-2019-13253",
"lastModified": "2024-11-21T04:24:33.057",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-04T16:15:11.573",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000385474.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000385474.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-22 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "User Mode Write AV starting at CADImage+0x00000000000048e7."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15789 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15789 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.43:*:*:*:*:*:*:*",
"matchCriteriaId": "D51F98D4-FEA4-4587-96A2-EFF5A8412D06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a \"User Mode Write AV starting at CADImage+0x00000000000048e7.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows en su versi\u00f3n 2.43 permite que los atacantes ejecuten c\u00f3digo arbitrario o que provoquen una denegaci\u00f3n de servicio mediante un archivo .dwg manipulado, relacionado con \"User Mode Write AV starting at CADImage+0x00000000000048e7\"."
}
],
"id": "CVE-2017-15789",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-22T20:29:02.257",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15789"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15789"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpEnterCriticalSectionContended+0x0000000000000031."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10754 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10754 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpEnterCriticalSectionContended+0x0000000000000031.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows versi\u00f3n 2.40, podr\u00eda permitir a los atacantes causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto no especificado por medio de un archivo .rle creado, relacionado a \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpEnterCriticalSectionContended+0x0000000000000031.\""
}
],
"id": "CVE-2017-10754",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:01.497",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10754"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10754"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-22 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to "Data from Faulting Address controls subsequent Write Address starting at CADImage+0x00000000000034b0."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15779 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15779 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.43:*:*:*:*:*:*:*",
"matchCriteriaId": "D51F98D4-FEA4-4587-96A2-EFF5A8412D06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to \"Data from Faulting Address controls subsequent Write Address starting at CADImage+0x00000000000034b0.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows en su versi\u00f3n 2.43 permite que los atacantes ejecuten c\u00f3digo arbitrario o que provoquen una denegaci\u00f3n de servicio mediante un archivo .dwg manipulado. Esta vulnerabilidad est\u00e1 relacionada con \"Data from Faulting Address controls subsequent Write Address starting at CADImage+0x00000000000034b0\"."
}
],
"id": "CVE-2017-15779",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-22T20:29:01.900",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15779"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15779"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-04 16:15
Modified
2024-11-21 04:24
Severity ?
Summary
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000328165.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000328165.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000328165.md | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.48:*:*:*:*:*:*:*",
"matchCriteriaId": "570AC220-662F-4446-9611-4B13BC6FDBD3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000328165."
},
{
"lang": "es",
"value": "XnView Classic 2.48 tiene un User Mode Write AV iniciando en xnview+0x0000000000328165."
}
],
"id": "CVE-2019-13258",
"lastModified": "2024-11-21T04:24:33.777",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-04T16:15:11.917",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000328165.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000328165.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpFreeHeap+0x0000000000000393."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10783 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10783 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpFreeHeap+0x0000000000000393.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows versi\u00f3n 2.40, podr\u00eda permitir a los atacantes causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto no especificado por medio de un archivo .rle creado, relacionado a \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpFreeHeap+0x0000000000000393\"."
}
],
"id": "CVE-2017-10783",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:02.590",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10783"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10783"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to "Data from Faulting Address controls Code Flow starting at Xfpx!gffGetFormatInfo+0x000000000002e388."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9899 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9899 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to \"Data from Faulting Address controls Code Flow starting at Xfpx!gffGetFormatInfo+0x000000000002e388.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows en su versi\u00f3n 2.40 permite a un atacante remoto ejecutar c\u00f3digo mediante un archivo .fpx manipulado, relacionado a \"Data from Faulting Address controls Code Flaw comenzando en Xfpx!gffGetFormatInfo+0x000000000002e388.\""
}
],
"id": "CVE-2017-9899",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:04.497",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9899"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9899"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpCoalesceFreeBlocks+0x00000000000004b4."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10758 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10758 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpCoalesceFreeBlocks+0x00000000000004b4.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows versi\u00f3n 2.40, podr\u00eda permitir a los atacantes causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto no especificado por medio de un archivo .rle creado, relacionado a \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpCoalesceFreeBlocks+0x00000000000004b4\"."
}
],
"id": "CVE-2017-10758",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:01.637",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10758"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10758"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-22 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to "Data from Faulting Address controls Branch Selection starting at CADImage+0x0000000000285ce1."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15783 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15783 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.43:*:*:*:*:*:*:*",
"matchCriteriaId": "D51F98D4-FEA4-4587-96A2-EFF5A8412D06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to \"Data from Faulting Address controls Branch Selection starting at CADImage+0x0000000000285ce1.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows en su versi\u00f3n 2.43 permite que los atacantes provoquen una denegaci\u00f3n de servicio o, posiblemente, otro impacto sin especificar mediante un archivo .dwg manipulado. Esta vulnerabilidad est\u00e1 relacionada con \"Data from Faulting Address controls Branch Selection comenzando en CADImage+0x0000000000285ce1\"."
}
],
"id": "CVE-2017-15783",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-22T20:29:02.057",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15783"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15783"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpFindLoadedDllByHandle+0x0000000000000031."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10763 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10763 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpFindLoadedDllByHandle+0x0000000000000031.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows versi\u00f3n 2.40, podr\u00eda permitir a los atacantes causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto no especificado por medio de un archivo .rle creado, relacionado a \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpFindLoadedDllByHandle+0x0000000000000031\"."
}
],
"id": "CVE-2017-10763",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:01.840",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10763"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10763"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-22 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a "Read Access Violation starting at CADImage+0x0000000000285d79."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15773 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15773 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.43:*:*:*:*:*:*:*",
"matchCriteriaId": "D51F98D4-FEA4-4587-96A2-EFF5A8412D06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a \"Read Access Violation starting at CADImage+0x0000000000285d79.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows en su versi\u00f3n 2.43 permite que los atacantes provoquen una denegaci\u00f3n de servicio o, posiblemente, otro impacto sin especificar mediante un archivo .dwg manipulado, relacionado con \"Read Access Violation starting at CADImage+0x0000000000285d79\"."
}
],
"id": "CVE-2017-15773",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-22T20:29:01.680",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15773"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15773"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-22 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "User Mode Write AV starting at CADImage+0x0000000000002d83."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15788 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15788 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.43:*:*:*:*:*:*:*",
"matchCriteriaId": "D51F98D4-FEA4-4587-96A2-EFF5A8412D06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a \"User Mode Write AV starting at CADImage+0x0000000000002d83.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows en su versi\u00f3n 2.43 permite que los atacantes ejecuten c\u00f3digo arbitrario o que provoquen una denegaci\u00f3n de servicio mediante un archivo .dwg manipulado, relacionado con \"User Mode Write AV starting at CADImage+0x0000000000002d83\"."
}
],
"id": "CVE-2017-15788",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-22T20:29:02.227",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15788"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15788"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "Data Execution Prevention Violation starting at Unknown Symbol @ 0x000000002f32332f called from KERNELBASE!CompareStringW+0x0000000000000082."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10738 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10738 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"Data Execution Prevention Violation starting at Unknown Symbol @ 0x000000002f32332f called from KERNELBASE!CompareStringW+0x0000000000000082.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows versi\u00f3n 2.40, permite a los atacantes ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio por medio de un archivo .rle creado, relacionado a una \"Data Execution Prevention Violation starting at Unknown Symbol @ 0x000000002f32332f called from KERNELBASE!CompareStringW+0x0000000000000082.\""
}
],
"id": "CVE-2017-10738",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:00.937",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10738"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10738"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpInsertFreeBlock+0x00000000000001ca."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10768 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10768 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpInsertFreeBlock+0x00000000000001ca.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows versi\u00f3n 2.40, podr\u00eda permitir a los atacantes causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto no especificado por medio de un archivo .rle creado, relacionado a \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpInsertFreeBlock+0x00000000000001ca\"."
}
],
"id": "CVE-2017-10768",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:02.060",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10768"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10768"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-11 18:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at jbig2dec+0x0000000000005862."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14282 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14282 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a \"Read Access Violation starting at jbig2dec+0x0000000000005862.\""
},
{
"lang": "es",
"value": "XnView Classic 2.40 para Windows permite que los atacantes provoquen una denegaci\u00f3n de servicio o, posiblemente, otro impacto sin especificar mediante un archivo .jb2 manipulado, relacionado con \"Read Access Violation comenzando en jbig2dec+0x0000000000005862\"."
}
],
"id": "CVE-2017-14282",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-11T18:29:00.663",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14282"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14282"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at IMM32!ImmLockImeDpi+0x0000000000000050."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10765 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10765 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at IMM32!ImmLockImeDpi+0x0000000000000050.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows versi\u00f3n 2.40, podr\u00eda permitir a los atacantes causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto no especificado por medio de un archivo .rle creado, relacionado a \"Data from Faulting Address controls Branch Selection starting at IMM32!ImmLockImeDpi+0x0000000000000050\"."
}
],
"id": "CVE-2017-10765",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:01.937",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10765"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10765"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-02 20:15
Modified
2024-11-21 01:54
Severity ?
Summary
xnview.exe in XnView before 2.13 does not properly handle RLE strip lengths during processing of RGB files, which allows remote attackers to execute arbitrary code via the RLE strip size field in a RGB file, which leads to an unexpected sign extension error and a heap-based buffer overflow.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| PSIRT-CNA@flexerasoftware.com | http://newsgroup.xnview.com/viewtopic.php?f=35&t=29087 | Permissions Required, Vendor Advisory | |
| PSIRT-CNA@flexerasoftware.com | http://secunia.com/advisories/52101 | Not Applicable, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://newsgroup.xnview.com/viewtopic.php?f=35&t=29087 | Permissions Required, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/52101 | Not Applicable, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7CE9A60-E0EA-413A-B058-007F50D879F5",
"versionEndExcluding": "2.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "xnview.exe in XnView before 2.13 does not properly handle RLE strip lengths during processing of RGB files, which allows remote attackers to execute arbitrary code via the RLE strip size field in a RGB file, which leads to an unexpected sign extension error and a heap-based buffer overflow."
},
{
"lang": "es",
"value": "El archivo xnview.exe en XnView versiones anteriores a 2.13, no maneja apropiadamente las longitudes de banda RLE durante el procesamiento de archivos RGB, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario por medio del campo de tama\u00f1o de banda RLE en un archivo RGB, lo que conlleva a un error de extensi\u00f3n de signo inesperado y un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria."
}
],
"id": "CVE-2013-3939",
"lastModified": "2024-11-21T01:54:34.680",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-02T20:15:14.053",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=29087"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Not Applicable",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35\u0026t=29087"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52101"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-11 18:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at jbig2dec+0x00000000000090f1."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14281 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14281 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to \"Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at jbig2dec+0x00000000000090f1.\""
},
{
"lang": "es",
"value": "XnView Classic 2.40 para Windows permite que los atacantes provoquen una denegaci\u00f3n de servicio o, posiblemente, otro impacto sin especificar mediante un archivo .jb2 manipulado, relacionado con \"Data from Faulting Address se emplea como uno o m\u00e1s argumentos en una llamada de funci\u00f3n comenzando en jbig2dec+0x00000000000090f1\"."
}
],
"id": "CVE-2017-14281",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-11T18:29:00.633",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14281"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14281"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at xnview+0x0000000000372b24."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10777 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10777 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at xnview+0x0000000000372b24.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows versi\u00f3n 2.40, podr\u00eda permitir a los atacantes causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto no especificado por medio de un archivo .rle creado, relacionado a \"Data from Faulting Address controls Branch Selection starting at xnview+0x0000000000372b24\"."
}
],
"id": "CVE-2017-10777",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:02.357",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10777"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10777"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpCreateSplitBlock+0x000000000000053a."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10770 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10770 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpCreateSplitBlock+0x000000000000053a.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows versi\u00f3n 2.40, podr\u00eda permitir a los atacantes causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto no especificado por medio de un archivo .rle creado, relacionado a \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpCreateSplitBlock+0x000000000000053a\"."
}
],
"id": "CVE-2017-10770",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:02.123",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10770"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10770"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-11 18:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at ntdll_77400000!RtlImpersonateSelfEx+0x000000000000024e."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14271 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14271 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a \"User Mode Write AV starting at ntdll_77400000!RtlImpersonateSelfEx+0x000000000000024e.\""
},
{
"lang": "es",
"value": "XnView Classic 2.40 para Windows permite que los atacantes ejecuten c\u00f3digo arbitrario o provoquen una denegaci\u00f3n de servicio mediante un archivo .jb2 manipulado, relacionado con \"User Mode Write AV comenzando en ntdll_77400000!RtlImpersonateSelfEx+0x000000000000024e\"."
}
],
"id": "CVE-2017-14271",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-11T18:29:00.240",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14271"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14271"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-10-08 12:15
Modified
2024-11-21 04:31
Severity ?
Summary
XnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0000000000001fc0.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/linhlhq/research/blob/master/README.md | Third Party Advisory | |
| cve@mitre.org | https://www.xnview.com/en/xnview/#changelog | Release Notes | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/linhlhq/research/blob/master/README.md | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.xnview.com/en/xnview/#changelog | Release Notes |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.49.1:*:*:*:classic:*:*:*",
"matchCriteriaId": "C25BF202-9432-4E32-9055-1F0798D32683",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0000000000001fc0."
},
{
"lang": "es",
"value": "XnView Classic versi\u00f3n 2.49.1 permite un User Mode Write AV que inicia en Xwsq+0x0000000000001fc0."
}
],
"id": "CVE-2019-17262",
"lastModified": "2024-11-21T04:31:58.967",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-08T12:15:12.170",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/linhlhq/research/blob/master/README.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://www.xnview.com/en/xnview/#changelog"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/linhlhq/research/blob/master/README.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://www.xnview.com/en/xnview/#changelog"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-11 18:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77400000!RtlInterlockedPopEntrySList+0x000000000000039b."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14285 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14285 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77400000!RtlInterlockedPopEntrySList+0x000000000000039b.\""
},
{
"lang": "es",
"value": "XnView Classic 2.40 para Windows permite que los atacantes provoquen una denegaci\u00f3n de servicio o, posiblemente, otro impacto sin especificar mediante un archivo .jb2 manipulado, relacionado con \"Data from Faulting Address controls Branch Selection comenzando en ntdll_77400000!RtlInterlockedPopEntrySList+0x000000000000039b\"."
}
],
"id": "CVE-2017-14285",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-11T18:29:00.773",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14285"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14285"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-10-27 23:15
Modified
2024-11-21 08:28
Severity ?
Summary
Buffer Overflow vulnerability in XnView Classic v.2.51.5 allows a local attacker to execute arbitrary code via a crafted TIF file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/nasroabd/vulns/tree/main/XnView/2.51.5 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/nasroabd/vulns/tree/main/XnView/2.51.5 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.51.5:*:*:*:classic:*:*:*",
"matchCriteriaId": "1D0AE2D0-3745-4466-AD5C-A90CC11D56D8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in XnView Classic v.2.51.5 allows a local attacker to execute arbitrary code via a crafted TIF file."
},
{
"lang": "es",
"value": "La vulnerabilidad de desbordamiento de b\u00fafer en XnView Classic v.2.51.5 permite a un atacante local ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo TIF manipulado."
}
],
"id": "CVE-2023-46587",
"lastModified": "2024-11-21T08:28:50.093",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-27T23:15:07.777",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/nasroabd/vulns/tree/main/XnView/2.51.5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/nasroabd/vulns/tree/main/XnView/2.51.5"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at COMCTL32!Tab_OnGetItem+0x000000000000002f."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10764 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10764 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at COMCTL32!Tab_OnGetItem+0x000000000000002f.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows versi\u00f3n 2.40, podr\u00eda permitir a los atacantes causar una denegaci\u00f3n de servicio o posiblemente no especificado otro impacto por medio de un archivo .rle creado, relacionado a \"Data from Faulting Address controls Branch Selection starting at COMCTL32!Tab_OnGetItem+0x000000000000002f\"."
}
],
"id": "CVE-2017-10764",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:01.903",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10764"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10764"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV starting at ntdll_77df0000!RtlpWaitOnCriticalSection+0x0000000000000121."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10741 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10741 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"User Mode Write AV starting at ntdll_77df0000!RtlpWaitOnCriticalSection+0x0000000000000121.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows versi\u00f3n 2.40, permite a los atacantes ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio por medio de un archivo .rle creado, relacionado a un \"User Mode Write AV starting at ntdll_77df0000!RtlpWaitOnCriticalSection+0x0000000000000121.\""
}
],
"id": "CVE-2017-10741",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:01.060",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10741"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10741"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-07-11 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
Untrusted search path vulnerability in XnView before 1.98.1 allows local users to gain privileges via a Trojan horse .exe file in a folder selected by the "Open containing folder" menu item.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A98A483F-257F-4B06-A2E3-56CA425EA07D",
"versionEndIncluding": "1.98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.74:*:*:*:*:*:*:*",
"matchCriteriaId": "A195F27B-4B38-4882-B34C-D729CC8ACB99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.80:*:*:*:*:*:*:*",
"matchCriteriaId": "FC73F60A-D89E-46FE-BA89-EAFE509489D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.80.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5CA0EDE4-DF5A-4152-B113-75E93910F556",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.80.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2427F9F0-76C3-4C53-A794-6C0E839A1BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.80.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D4400B8A-5D9B-4E68-830D-28D70969DDA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.82:*:*:*:*:*:*:*",
"matchCriteriaId": "0E21984E-6830-44B9-BFCD-5EFC9886272E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in XnView before 1.98.1 allows local users to gain privileges via a Trojan horse .exe file in a folder selected by the \"Open containing folder\" menu item."
},
{
"lang": "es",
"value": "Vulnerabilidad de ruta de b\u00fasqueda no confiable en XnView anterior a v1.98.1 permite a usuarios locales obtener privilegios a trav\u00e9s de un fichero .exe Caballo de Troya en una carpeta seleccionada por la opci\u00f3n del men\u00fa \"Open containing folder\"."
}
],
"evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/426.html\r\n\u0027CWE-426: Untrusted Search Path\u0027",
"id": "CVE-2011-1338",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-07-11T20:55:00.990",
"references": [
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvn.jp/en/jp/JVN17844633/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000050"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/45127"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://www.osvdb.org/73619"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://www.securityfocus.com/bid/48562"
},
{
"source": "vultures@jpcert.or.jp",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68369"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN17844633/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000050"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/45127"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/73619"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/48562"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68369"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-05-09 10:33
Modified
2025-04-11 00:51
Severity ?
Summary
Integer overflow in XnViewer (aka XnView) before 1.98.5 allows remote attackers to execute arbitrary code via a crafted file containing PSD record types, a different vulnerability than CVE-2012-0685.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A680CAE-6D19-436D-8748-69A628CBF0B2",
"versionEndIncluding": "1.98.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.0:a:*:*:*:*:*:*",
"matchCriteriaId": "D1160EF2-C078-4C0A-999B-05B6D42FC65F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "26750A49-32A9-41C4-B4FC-4C53650D5B5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.02:*:*:*:*:*:*:*",
"matchCriteriaId": "E93C259A-6715-468F-A1E1-CF954761EE84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.03:*:*:*:*:*:*:*",
"matchCriteriaId": "70F7DBD6-D249-4D64-B2FB-D486785F26E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.04:*:*:*:*:*:*:*",
"matchCriteriaId": "662F38C4-C400-435E-BCD4-0021AB6FA4FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.05:*:*:*:*:*:*:*",
"matchCriteriaId": "E2B4B6DE-A8D1-4B76-9873-F3FF386B6647",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.05:b:*:*:*:*:*:*",
"matchCriteriaId": "2F17BB19-F2EC-49EA-95FE-55126352D8CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.05:c:*:*:*:*:*:*",
"matchCriteriaId": "BE7CE2C1-5D75-4760-891D-E53409F08A94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.06:*:*:*:*:*:*:*",
"matchCriteriaId": "773D4D55-D241-41DD-A802-90F6B8037544",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.07:*:*:*:*:*:*:*",
"matchCriteriaId": "F39E52FA-38AA-44CD-A027-9189BCD27E78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.08:*:*:*:*:*:*:*",
"matchCriteriaId": "9F5AD70E-6E6A-4D26-BF7B-FDBC169AE62A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.09:*:*:*:*:*:*:*",
"matchCriteriaId": "874FB295-26DC-4BD4-84A7-D396D4B9F8BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "34CE10DC-AC95-4A92-BF18-DE839FEB3EFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7D5D72A3-82A9-44FF-AF40-AE4534DF13D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "EE4D2D41-0934-4F2E-9033-7866342A6148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "0DCC4DC4-FBB3-4B85-B7A1-0FDEE513DA01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "3CA5158C-0F58-4C3D-8E36-61231E1D1F6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "37B04085-8D2F-4DFD-B577-AFDCAA366335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "AD62B251-470E-4D4F-93D2-E87453037CBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "ACB7E1A0-63FD-4608-A070-D4D867671055",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.17:a:*:*:*:*:*:*",
"matchCriteriaId": "28452A67-510F-4D6A-A96D-E51C0DD8B6E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "9B481D02-6F2F-4230-94BB-3EC257993D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4AB44AE2-8FCA-406B-AEE0-E724518CE74E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "41353F26-E155-41D5-9412-4E3FC28F1701",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "55F1494F-8A2C-4362-832B-3B3887794F7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "29E0879C-7580-49ED-93A5-7E072B3B6D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "7ABD9EED-E230-455E-9052-23C08EE392D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.23:*:*:*:*:*:*:*",
"matchCriteriaId": "4D0FA50E-9965-4FA3-BB85-E63CD0824914",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.24:*:*:*:*:*:*:*",
"matchCriteriaId": "02C9ACEF-6B7C-42D5-8D68-04C7915B9039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.25:*:*:*:*:*:*:*",
"matchCriteriaId": "29EF6CFD-A098-41D6-9E8F-9842A9C16048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.25:a:*:*:*:*:*:*",
"matchCriteriaId": "102E7705-5533-4214-ACEE-B7C02CB454E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.30:*:*:*:*:*:*:*",
"matchCriteriaId": "EFB38B70-E59C-42CE-877C-D3322157E483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.31:*:*:*:*:*:*:*",
"matchCriteriaId": "9A159A1F-85FB-4C5C-8D8E-399F30CDA115",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.32:*:*:*:*:*:*:*",
"matchCriteriaId": "67738CAF-186D-4831-AE04-E9E509BBC7EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.33:*:*:*:*:*:*:*",
"matchCriteriaId": "52D407A4-8499-4DA2-99D7-0DE4C5F7F2BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.34:*:*:*:*:*:*:*",
"matchCriteriaId": "F6FECC88-9938-4AD0-889F-559C8F99B5BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.35:*:*:*:*:*:*:*",
"matchCriteriaId": "E4B324FA-DC14-44F8-8B63-0A2C71455726",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.36:*:*:*:*:*:*:*",
"matchCriteriaId": "8B1C31A9-1239-4B22-AAA9-8294714EF677",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.37:*:*:*:*:*:*:*",
"matchCriteriaId": "98E67FA4-9AB4-4A2D-8B61-A90A09FA1484",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.40:*:*:*:*:*:*:*",
"matchCriteriaId": "F988A618-07A7-438C-9FE2-EE2D1C9A1874",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.41:*:*:*:*:*:*:*",
"matchCriteriaId": "24A5B8B1-64FB-4B4D-825C-9F5049F61484",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.45:*:*:*:*:*:*:*",
"matchCriteriaId": "06D2393E-715C-4B26-8868-AB0A71F22CA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.46:*:*:*:*:*:*:*",
"matchCriteriaId": "679BF820-BF6B-4004-9F4D-7CE883456C62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.50:*:*:*:*:*:*:*",
"matchCriteriaId": "C0897791-B53F-4724-80F5-099DA55E2F7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.50.1:*:*:*:*:*:*:*",
"matchCriteriaId": "348D00F9-5BF2-4B16-9DC7-5165E92C8610",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.55:*:*:*:*:*:*:*",
"matchCriteriaId": "6911582E-232F-44D8-82E6-104BD10F93E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.60:*:*:*:*:*:*:*",
"matchCriteriaId": "1CA514C3-D3BA-449E-A3E3-46917666F425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.61:*:*:*:*:*:*:*",
"matchCriteriaId": "6B4D2CAD-8714-4CE4-969B-C157F33C5AA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.65:*:*:*:*:*:*:*",
"matchCriteriaId": "724E0679-4A89-4F7A-AF41-EA9C3A5C7C0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.66:*:*:*:*:*:*:*",
"matchCriteriaId": "4EBA50FC-6C50-42C5-8361-0165C7BE844B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.67:*:*:*:*:*:*:*",
"matchCriteriaId": "38F201D3-52E9-4D1E-9CDF-7224DA766BA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.68:*:*:*:*:*:*:*",
"matchCriteriaId": "66EB8513-6378-49E6-B7F7-52C5FEA40452",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.68.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FF190D40-A8FA-43BA-AE0E-4ED50ED2B14E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.70:*:*:*:*:*:*:*",
"matchCriteriaId": "0E27EB1D-5AE3-4002-829B-6AA0AE8D60F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.70.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB57494-C072-4C99-A0D2-207E2DEA76C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.70.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3A5798EA-8ADC-4632-BBD4-811207EAFCA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.70.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DE2BA7BA-EACB-41C5-9C0C-376678990766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.74:*:*:*:*:*:*:*",
"matchCriteriaId": "A195F27B-4B38-4882-B34C-D729CC8ACB99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.80:*:*:*:*:*:*:*",
"matchCriteriaId": "FC73F60A-D89E-46FE-BA89-EAFE509489D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.80.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5CA0EDE4-DF5A-4152-B113-75E93910F556",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.80.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2427F9F0-76C3-4C53-A794-6C0E839A1BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.80.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D4400B8A-5D9B-4E68-830D-28D70969DDA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.82:*:*:*:*:*:*:*",
"matchCriteriaId": "0E21984E-6830-44B9-BFCD-5EFC9886272E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.82.2:*:*:*:*:*:*:*",
"matchCriteriaId": "16CBF0CE-9CBC-4C12-8061-B186543ABF0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.82.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5B628ABE-2FB9-477E-859A-51AD323BF64D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.82.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7A66BCB0-D555-4627-BADA-806DA84E3167",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.90:*:*:*:*:*:*:*",
"matchCriteriaId": "A2346275-34F4-456E-8A9D-BB5DB24487D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.90.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ACA55EEC-4213-42B6-9C1A-FE9CB076DEBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.90.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D0F3174A-3C30-4FBC-8478-21DA00661F4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.91:*:*:*:*:*:*:*",
"matchCriteriaId": "779BD454-9656-4B71-899E-FE0CC2413435",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.91.1:*:*:*:*:*:*:*",
"matchCriteriaId": "37E3E487-26EC-4843-A80A-B02D6180FCB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.91.2:*:*:*:*:*:*:*",
"matchCriteriaId": "323F2315-A433-4278-B4B1-F089A2F3E31A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.91.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1C8E049E-4353-41A1-AB90-107D4CDB291A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.91.4:*:*:*:*:*:*:*",
"matchCriteriaId": "52354ABE-D603-4D6D-99AA-3EB3CA33DF96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.91.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0E2E41CB-D8AC-4D33-A81D-A66C3CFBE644",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.91.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7B014AC9-6A9B-49AE-806F-DF3683169DA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.92:*:*:*:*:*:*:*",
"matchCriteriaId": "26269B37-EE6D-4829-8100-656AFC6D706D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.92.1:*:*:*:*:*:*:*",
"matchCriteriaId": "01370703-08C0-49C3-A7F6-5C223FB146C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.93:*:*:*:*:*:*:*",
"matchCriteriaId": "222D7302-E49E-4BD8-9E4D-872AA3103A69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.93.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F10DEFA8-377A-434D-A353-4C428A9A13F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.93.2:*:*:*:*:*:*:*",
"matchCriteriaId": "481D1D7F-5A8A-4A5D-A499-A733ACA00CD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.93.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D686020-C181-4F84-8418-C90ABE387D7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.93.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6A9BF2F4-8821-48E8-8421-AF0AA761EF55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.93.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1FB56C26-5E49-47BB-89DE-C501400329FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.94:*:*:*:*:*:*:*",
"matchCriteriaId": "6AE38635-D538-4D61-83D9-61D7D3A89C27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.94.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FC83C981-C43B-4B8E-A912-2F4729F77B97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.94.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7DD418E1-79FA-4942-AB0D-9B45C1368890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.95:*:*:*:*:*:*:*",
"matchCriteriaId": "C0AE1B44-0384-4043-9892-FE57E530BE08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.95.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6BD61FD5-A98B-4793-B7B6-D25307B89F5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.95.2:*:*:*:*:*:*:*",
"matchCriteriaId": "48950A60-115D-4685-B3D2-6AE54AE2737E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.95.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C64D9A65-BE9C-4295-9DAD-B3DB9E915E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.95.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9D4996E2-0085-44FE-8C29-A4734A1D61FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.96:*:*:*:*:*:*:*",
"matchCriteriaId": "3C9B7628-C72F-44BD-92BB-2E85DEAA003E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.96.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E05C35C3-3BBA-43FD-AE8D-C132AB6330F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.96.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FB5B1D98-83E7-41C3-84E2-D0552B37644F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.96.5:*:*:*:*:*:*:*",
"matchCriteriaId": "19D77398-388F-420C-94D1-C1EAC1635C02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.97:*:*:*:*:*:*:*",
"matchCriteriaId": "5ACCCCC3-0331-4ABA-9ED8-9C1E1381FE1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.97.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2D55F2D9-720C-4FC5-AC12-DB26A3F90F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.97.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D80CC7A1-8F73-4941-933D-F7CBA286E0CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xnview:xnview:1.97.4:*:*:*:*:*:*:*",
"matchCriteriaId": "ABB36873-6A5F-4E2D-A5D4-053B45C38987",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in XnViewer (aka XnView) before 1.98.5 allows remote attackers to execute arbitrary code via a crafted file containing PSD record types, a different vulnerability than CVE-2012-0685."
},
{
"lang": "es",
"value": "Desbordamiento de entero en XnViewer (tambi\u00e9n conocido como XnView) antes de v1.98.5, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo modificado que contiene los tipos de registro PSD, una vulnerabilidad diferente de CVE-2012-0685."
}
],
"id": "CVE-2012-0684",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-05-09T10:33:14.927",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://technet.microsoft.com/en-us/security/msvr/msvr12-001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://technet.microsoft.com/en-us/security/msvr/msvr12-001"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV starting at ntdll_77df0000!RtlpCoalesceFreeBlocks+0x00000000000002e6."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10737 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10737 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"User Mode Write AV starting at ntdll_77df0000!RtlpCoalesceFreeBlocks+0x00000000000002e6.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows versi\u00f3n 2.40, permite a los atacantes ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio por medio de un archivo .rle creado, relacionado a un \"User Mode Write AV starting at ntdll_77df0000!RtlpCoalesceFreeBlocks+0x00000000000002e6.\""
}
],
"id": "CVE-2017-10737",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:00.873",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10737"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10737"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-22 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to "Data from Faulting Address may be used as a return value starting at CADImage+0x0000000000285ec1."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15776 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15776 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.43:*:*:*:*:*:*:*",
"matchCriteriaId": "D51F98D4-FEA4-4587-96A2-EFF5A8412D06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to \"Data from Faulting Address may be used as a return value starting at CADImage+0x0000000000285ec1.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows en su versi\u00f3n 2.43 permite que los atacantes provoquen una denegaci\u00f3n de servicio o, posiblemente, otro impacto sin especificar mediante un archivo .dwg manipulado. Esta vulnerabilidad est\u00e1 relacionada con \"Data from Faulting Address may be used as a return value starting at CADImage+0x0000000000285ec1\"."
}
],
"id": "CVE-2017-15776",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-22T20:29:01.790",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15776"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15776"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-06-16 20:30
Modified
2025-04-11 00:51
Severity ?
Summary
Heap-based buffer overflow in XnView 1.97.4 and possibly earlier allows remote attackers to execute arbitrary code via a MultiBitMap (MBM) file with a Paint Data Section that contains a malformed Encoding field.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:1.97.4:*:*:*:*:*:*:*",
"matchCriteriaId": "ABB36873-6A5F-4E2D-A5D4-053B45C38987",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in XnView 1.97.4 and possibly earlier allows remote attackers to execute arbitrary code via a MultiBitMap (MBM) file with a Paint Data Section that contains a malformed Encoding field."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap) en XnView v1.97.4 y posiblemente versiones anteriores, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo MultiBitMap (MBM) con una Paint Data Section que contiene un campo Encoded mal formado."
}
],
"id": "CVE-2010-1932",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-06-16T20:30:02.420",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40141"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.coresecurity.com/content/XnView-MBM-Processing-Heap-Overflow"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/40852"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1024100"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1468"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59421"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40141"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.coresecurity.com/content/XnView-MBM-Processing-Heap-Overflow"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/40852"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1024100"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1468"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59421"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-04 16:15
Modified
2024-11-21 04:24
Severity ?
Summary
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000328384.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000328384.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000328384.md | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.48:*:*:*:*:*:*:*",
"matchCriteriaId": "570AC220-662F-4446-9611-4B13BC6FDBD3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000328384."
},
{
"lang": "es",
"value": "XnView Classic 2.48 tiene un User Mode Write AV iniciando en xnview+0x0000000000328384."
}
],
"id": "CVE-2019-13261",
"lastModified": "2024-11-21T04:24:34.190",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-04T16:15:12.103",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000328384.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/apriorit/pentesting/blob/master/bugs/xnview/0x0000000000328384.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-11 18:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77400000!RtlGetCurrentDirectory_U+0x000000000000016c."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14284 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14284 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77400000!RtlGetCurrentDirectory_U+0x000000000000016c.\""
},
{
"lang": "es",
"value": "XnView Classic 2.40 para Windows permite que los atacantes provoquen una denegaci\u00f3n de servicio o, posiblemente, otro impacto sin especificar mediante un archivo .jb2 manipulado, relacionado con \"Data from Faulting Address controls Branch Selection comenzando en ntdll_77400000!RtlGetCurrentDirectory_U+0x000000000000016c\"."
}
],
"id": "CVE-2017-14284",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-11T18:29:00.727",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14284"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14284"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-02 20:15
Modified
2024-11-21 01:53
Severity ?
Summary
Stack-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted image layer in an XCF file.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5097A532-AC70-40C3-B213-015C41F5BCF2",
"versionEndExcluding": "2.03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted image layer in an XCF file."
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en el archivo xnview.exe en XnView versiones anteriores a 2.03, permite a atacantes remotos ejecutar c\u00f3digo arbitrario por medio de una capa de imagen dise\u00f1ada en un archivo XCF."
}
],
"id": "CVE-2013-3246",
"lastModified": "2024-11-21T01:53:15.973",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-02T20:15:11.100",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://www.fuzzmyapp.com/advisories/FMA-2013-003/FMA-2013-003-EN.xml"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84643"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://www.fuzzmyapp.com/advisories/FMA-2013-003/FMA-2013-003-EN.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84643"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-22 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "User Mode Write AV near NULL starting at CADImage+0x0000000000288750."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15777 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15777 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.43:*:*:*:*:*:*:*",
"matchCriteriaId": "D51F98D4-FEA4-4587-96A2-EFF5A8412D06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a \"User Mode Write AV near NULL starting at CADImage+0x0000000000288750.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows en su versi\u00f3n 2.43 permite que los atacantes ejecuten c\u00f3digo arbitrario o que provoquen una denegaci\u00f3n de servicio mediante un archivo .dwg manipulado, relacionado con \"User Mode Write AV near NULL starting at CADImage+0x0000000000288750\"."
}
],
"id": "CVE-2017-15777",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-22T20:29:01.820",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15777"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15777"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-05 20:29
Modified
2025-04-20 01:37
Severity ?
Summary
XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to "Data from Faulting Address controls Code Flow starting at Xfpx!gffGetFormatInfo+0x0000000000020e91."
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9902 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9902 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xnview:xnview:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9A195A41-AABE-4513-9734-3C650136C163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to \"Data from Faulting Address controls Code Flow starting at Xfpx!gffGetFormatInfo+0x0000000000020e91.\""
},
{
"lang": "es",
"value": "XnView Classic para Windows en su versi\u00f3n 2.40 permite a atacantes remotos ejecutar c\u00f3digo mediante un archivo .fpx manipulado, relacionado a \"Data from Faulting Address controls Code Flow comenzado en Xfpx!gffGetFormatInfo+0x0000000000020e91.\""
}
],
"id": "CVE-2017-9902",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-05T20:29:04.607",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9902"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9902"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}