Release date:
Updated on:
Affected Systems:
XnView 2.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 64441
CVE (CAN) ID: CVE-2013-3939
XnView is a browser Image Viewer that supports multiple graphic formats.
When XnView 2.04 and other versions use the Csiz parameter marked by SIZ to allocate memory, and when the lqcd field marked by QCD is used to copy data, Xjp2.dll has a boundary error. Remote attackers use a specially crafted 2000file, this vulnerability can cause heap buffer overflow.
<* Source: kaveh ghaemmaghami
Link: http://secunia.com/advisories/52101/
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
XnView
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.xnview.com/
Refer:
Http://newsgroup.xnview.com/viewtopic.php? F = 35 & amp; t = 29087
Ubuntu 10.04 LTS download & Trial of the Linux version of XnView