Release date:
Updated on:
Affected Systems:
XnView 2.13
Description:
--------------------------------------------------------------------------------
Bugtraq id: 66187
CVE (CAN) ID: CVE-2013-3938
XnView is an image browser and viewer that supports multiple graphic formats.
XnView 2.13 and other versions contain an integer overflow vulnerability in xnview.exe when processing the IFD_ENTRY structure of JXR files. Attackers can exploit this vulnerability to cause a heap buffer overflow through a specially crafted entry with an overly large NUM_ELEMENTS field.
<* Source: kaveh ghaemmaghami
Link: http://secunia.com/advisories/56172/
*>
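The size arithmetic behind this class of bug, as an added example that is not XnView's code (the page does not show it): a 32-bit byte count derived from an IFD entry's NUM_ELEMENTS wraps around, while a widened multiply plus a file-bounds check rejects the entry. The struct layout, the TIFF-style element-size table and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* TIFF-style 12-byte IFD entry (layout assumed for this example). */
typedef struct {
    uint16_t field_tag;
    uint16_t element_type;
    uint32_t num_elements;
    uint32_t values_or_offset;
} ifd_entry;

/* Bytes per element for TIFF-style types 1..12; 0 means unknown type. */
static uint32_t element_size(uint16_t type)
{
    static const uint8_t sizes[13] = {0, 1, 1, 2, 4, 8, 1, 1, 2, 4, 8, 4, 8};
    return type < 13 ? sizes[type] : 0;
}

/* Unsafe pattern: the 32-bit product wraps for a large num_elements. */
uint32_t payload_size_unchecked(const ifd_entry *e)
{
    return e->num_elements * element_size(e->element_type);
}

/* Hardened form: 0 and *out set on success, -1 if the entry is rejected. */
int payload_size_checked(const ifd_entry *e, size_t file_len, size_t *out)
{
    uint32_t esz = element_size(e->element_type);
    if (esz == 0)
        return -1;                                    /* unknown element type */
    uint64_t total = (uint64_t)e->num_elements * esz; /* cannot wrap in 64 bits */
    if (total > file_len)
        return -1;                                    /* claims more than the file holds */
    if (total > 4 && e->values_or_offset > file_len - total)
        return -1;                                    /* out-of-line data runs past EOF */
    *out = (size_t)total;
    return 0;
}

int main(void)
{
    ifd_entry bad = {0, 4, 0x40000001u, 64};  /* constructed sample entry */
    size_t n = 0;
    printf("unchecked=%u checked=%d\n", (unsigned)payload_size_unchecked(&bad),
           payload_size_checked(&bad, 4096, &n));
    return 0;
}
```

A buffer allocated from the unchecked result would be 4 bytes for an entry that claims over four gigabytes of data, which is the mismatch that turns an integer overflow into a heap overflow.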
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
XnView
------
The vendor has not currently released a patch or upgrade. Users of the software should watch the vendor's homepage for the latest version:
http://www.xnview.com/