Total
152 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-10745 | 2 Microsoft, Xnview | 2 Windows, Xnview | 2017-07-10 | 4.6 MEDIUM | 7.8 HIGH |
| XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "Stack Buffer Overrun (/GS Exception) starting at ntdll_77df0000!RtlProcessFlsData+0x00000000000000b0." | |||||
| CVE-2017-10743 | 2 Microsoft, Xnview | 2 Windows, Xnview | 2017-07-10 | 4.6 MEDIUM | 7.8 HIGH |
| XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "Stack Buffer Overrun (/GS Exception) starting at ntdll_77df0000!LdrpInitializeNode+0x000000000000015b." | |||||
| CVE-2017-10744 | 2 Microsoft, Xnview | 2 Windows, Xnview | 2017-07-10 | 4.6 MEDIUM | 7.8 HIGH |
| XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "Read Access Violation on Control Flow starting at COMCTL32!CToolTipsMgr::s_ToolTipsWndProc+0x0000000000000032." | |||||
| CVE-2017-10742 | 2 Microsoft, Xnview | 2 Windows, Xnview | 2017-07-10 | 4.6 MEDIUM | 7.8 HIGH |
| XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "Data Execution Prevention Violation starting at Unknown Symbol @ 0x00000000380a0500 called from ntdll_77df0000!LdrxCallInitRoutine+0x0000000000000016." | |||||
| CVE-2017-10738 | 2 Microsoft, Xnview | 2 Windows, Xnview | 2017-07-10 | 4.6 MEDIUM | 7.8 HIGH |
| XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "Data Execution Prevention Violation starting at Unknown Symbol @ 0x000000002f32332f called from KERNELBASE!CompareStringW+0x0000000000000082." | |||||
| CVE-2017-10739 | 2 Microsoft, Xnview | 2 Windows, Xnview | 2017-07-10 | 4.6 MEDIUM | 7.8 HIGH |
| XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "Data Execution Prevention Violation starting at Unknown Symbol @ 0x000000000c1b541c called from xnview+0x00000000003826ec." | |||||
| CVE-2013-3938 | 1 Xnview | 1 Xnview | 2014-03-19 | 9.3 HIGH | N/A |
| Integer overflow in xnview.exe in XnView 2.13 allows remote attackers to execute arbitrary code via a large NUM_ELEMENTS field in an IFD_ENTRY structure in a JXR file, which triggers a heap-based buffer overflow. | |||||
| CVE-2012-0277 | 1 Xnview | 1 Xnview | 2012-07-31 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in XnView before 1.99 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PCT image. | |||||
| CVE-2012-0282 | 1 Xnview | 1 Xnview | 2012-07-18 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in XnView before 1.99 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ImageLeftPosition value in an ImageDescriptor structure in a GIF image. | |||||
| CVE-2012-0276 | 1 Xnview | 1 Xnview | 2012-07-17 | 6.8 MEDIUM | N/A |
| Multiple heap-based buffer overflows in XnView before 1.99 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a (1) SGI32LogLum compressed TIFF image or (2) SGI32LogLum compressed TIFF image with the PhotometricInterpretation encoding set to LogL. | |||||
| CVE-2012-0685 | 1 Xnview | 1 Xnview | 2012-05-09 | 9.3 HIGH | N/A |
| Integer overflow in XnViewer (aka XnView) before 1.98.5 allows remote attackers to execute arbitrary code via a crafted file containing PSD record types, a different vulnerability than CVE-2012-0684. | |||||
| CVE-2012-0684 | 1 Xnview | 1 Xnview | 2012-05-09 | 9.3 HIGH | N/A |
| Integer overflow in XnViewer (aka XnView) before 1.98.5 allows remote attackers to execute arbitrary code via a crafted file containing PSD record types, a different vulnerability than CVE-2012-0685. | |||||