XnView PSD Record Type Parsing Integer Overflow Vulnerabilities (Windows) Network Vulnerability

Summary

This host has XnView installed and is prone to multiple integer overflow vulnerabilities. Vulnerabilities Insight: The flaws are due to integer overflow errors within the parsing of PSD record types and can be exploited to cause buffer overflows via a specially crafted PSD image.

Impact

Successful exploitation will allow attackers to execute arbitrary code on the system or cause a denial of service condition. Impact Level: System/Application

Solution

Update to XnView version 1.98.5 or later, For updates refer to http://www.xnview.com/

Affected

XnView versions 1.98.2 and prior on windows

References

http://osvdb.org/show/osvdb/78357
http://secunia.com/advisories/47600/
http://technet.microsoft.com/en-us/security/msvr/msvr12-001

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-0684, CVE-2012-0685

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Reader Integer Overflow Vulnerability - Jan 12 (Linux)
BigAntSoft BigAnt IM Message Server Multiple Vulnerabilities
Alpine tmail and dmail Buffer Overflow Vulnerabilities (Win)
Adobe Reader '/Registry' and '/Ordering' Buffer Overflow Vulnerability (Win)
Attachmate Reflection FTP Client LIST Command Remote Heap Buffer Overflow Vulnerability

Take action and discover your vulnerabilities