Multiple XnView Products TAAC File Buffer Overflow Vulnerability
The XnView, NConvert, and GFL SDK products are all vulnerable to a buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied input in malicious image files.
Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected applications, facilitating the remote compromise of affected computers. Failed exploit attempts likely result in crashes.
The following packages are affected by this issue:
- XnView 1.70 for Linux and FreeBSD
- XnView 1.93.6 for Windows
- GFL SDK 2.82
- NConvert 4.92
Other versions may also be affected.