Release date:
Updated on:
Affected Systems:
XnView 2.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 64439
CVE (CAN) ID: CVE-2013-3941
XnView is a browser Image Viewer that supports multiple graphic formats.
When XnView 2.04 and other versions process the RLERLE striplength of RGB files, there is a signature extension error in xnview.exe. Remote attackers can exploit this vulnerability to cause heap buffer overflow by using an RGB file with a specially crafted RLERLE strip length field.
<* Source: Krystian Kloskowski (h07)
Link: http://secunia.com/advisories/52101/
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
XnView
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.xnview.com/
Refer:
Http://newsgroup.xnview.com/viewtopic.php? F = 35 & amp; t = 29087
Ubuntu 10.04 LTS download & Trial of the Linux version of XnView