Summary
This host has XnView installed and is prone to an integer overflow vulnerability.
Vulnerability Insight
The flaw is due to an integer overflow when processing DICOM images with certain dimensions. This can be exploited to cause a heap-based buffer overflow by persuading a victim to open a specially crafted DICOM image file.
Impact
Attackers can exploit this issue to cause a buffer overflow and execute arbitrary code on the system with elevated privileges, or cause the application to crash.
Impact Level: System/Application
Solution
Update to XnView version 1.97.2
For updates refer to http://www.xnview.com/
Affected
XnView versions prior to 1.97.2 on Linux
Severity
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Classification
- CVE: CVE-2009-4001
Related Vulnerabilities
- Adobe Reader/Acrobat Multimedia Doc.media.newPlayer Code Execution Vulnerability (Win)
- Apple iTunes 'itpc:' URI Buffer Overflow Vulnerability
- Apple QuickTime Multiple Vulnerabilities - Sep09
- Adobe Reader/Acrobat Multiple BOF Vulnerabilities - Jun09 (Win)
- Adobe Reader '/Registry' and '/Ordering' Buffer Overflow Vulnerability (Win)