This host has XnView installed and is prone to multiple heap based buffer overflow vulnerabilities. Vulnerabilities Insight: The flaws are due to - A signedness error in the FlashPix plugin (Xfpx.dll) when validating buffer sizes to process image's content. - An error when processing image data within Personal Computer eXchange (PCX) files. - A boundary error when parsing a directory, which allows attackers to cause a buffer overflow when browsing folder from an extracted archive file.

Successful exploitation will allow attackers to execute arbitrary code on the system via a specially crafted files or cause a denial of service condition. Impact Level: System/Application

Update to XnView version 1.98.8 or later, For updates refer to http://www.xnview.com/

XnView versions 1.98.5 and prior on windows

• http://forums.cnet.com/7726-6132_102-5285780.html
• http://secunia.com/advisories/47388/
• http://www.exploit-db.com/exploits/18491/
• http://www.securityfocus.com/bid/52405/info

---

Updated on 2015-03-25