Xnview : Security Vulnerabilities, CVEs, CVSS score >= 8
XnView Classic before 2.51.3 on Windows has a Write Access Violation at xnview.exe+0x3125D6.
Max CVSS
9.8
EPSS Score
0.11%
Published
2023-12-29
Updated
2024-01-04
XnView Classic before 2.51.3 on Windows has a Write Access Violation at xnview.exe+0x3ADBD0.
Max CVSS
9.8
EPSS Score
0.09%
Published
2023-12-29
Updated
2024-01-04
Xjp2.dll in XnView before 2.13 allows remote attackers to execute arbitrary code via (1) the Csiz parameter in a SIZ marker, which triggers an incorrect memory allocation, or (2) the lqcd field in a QCD marker in a crafted JPEG2000 file, which leads to a heap-based buffer overflow.
Max CVSS
9.8
EPSS Score
0.89%
Published
2020-01-02
Updated
2020-01-08
Integer overflow in xnview.exe in XnView 2.13 allows remote attackers to execute arbitrary code via a large NUM_ELEMENTS field in an IFD_ENTRY structure in a JXR file, which triggers a heap-based buffer overflow.
Max CVSS
9.3
EPSS Score
1.90%
Published
2014-03-18
Updated
2014-03-19
XnView 2.03 has an integer overflow vulnerability
Max CVSS
9.8
EPSS Score
0.21%
Published
2020-01-27
Updated
2020-01-29
XnView 2.03 has a stack-based buffer overflow vulnerability
Max CVSS
9.8
EPSS Score
0.28%
Published
2020-01-27
Updated
2020-01-30
Buffer overflow in XnView before 2.04 allows remote attackers to execute arbitrary code via a crafted PCT file.
Max CVSS
9.3
EPSS Score
13.49%
Published
2013-08-09
Updated
2017-08-29
Heap-based buffer overflow in the xjpegls.dll (aka JLS, JPEG-LS, or JPEG lossless) format plugin in XnView 1.99 and 1.99.1 allows remote attackers to execute arbitrary code via a crafted JLS image file.
Max CVSS
9.3
EPSS Score
12.31%
Published
2014-07-09
Updated
2017-10-05
Integer overflow in XnViewer (aka XnView) before 1.98.5 allows remote attackers to execute arbitrary code via a crafted file containing PSD record types, a different vulnerability than CVE-2012-0684.
Max CVSS
9.3
EPSS Score
0.10%
Published
2012-05-09
Updated
2012-05-10
Integer overflow in XnViewer (aka XnView) before 1.98.5 allows remote attackers to execute arbitrary code via a crafted file containing PSD record types, a different vulnerability than CVE-2012-0685.
Max CVSS
9.3
EPSS Score
0.10%
Published
2012-05-09
Updated
2012-05-10
Heap-based buffer overflow in XnView 1.97.4 and possibly earlier allows remote attackers to execute arbitrary code via a MultiBitMap (MBM) file with a Paint Data Section that contains a malformed Encoding field.
Max CVSS
9.3
EPSS Score
17.59%
Published
2010-06-16
Updated
2017-08-17
Integer overflow in XnView before 1.97.2 might allow remote attackers to execute arbitrary code via a DICOM image with crafted dimensions, leading to a heap-based buffer overflow.
Max CVSS
9.3
EPSS Score
6.65%
Published
2010-03-15
Updated
2018-10-10
12 vulnerabilities found