XnView 1.99.* - 2.00 XCF (eXperimental Computing Facility) Multiple Vulnerabilities
fuzzing, security, blackbox, tests, xnview.exe, LCE, XCF, exploit
XnView 1.99.* - 2.00 XCF (eXperimental Computing Facility) Multiple Vulnerabilities
FMA-2013-003
[
Secunia
SA52519
]
[
CVE
CVE-2013-3246
]
[
CVE
CVE-2013-3247
]
XnView
1.99.6
http://www.xnview.com
xnview.exe
1.99.6
F5C67B2F2FCAF54971BAE9D317E0FF5A
Windows XP SP3 Professional Edition
2013.02.24
2013.03.06
2013.06.05
Multiple vulnerabilities in XCF file format processor.
MULTIPLE
During fuzzing of XnView 1.99.6 XCF file format our research lab has identified multiple vulnerabilities in XCF file format processor. A number of them allowed code execution in the tested application. XCF file format abbreviation stands for eXperimental Computing Facility image format. Two of the found vulnerabilities were passed to Secunia at 2013.03.06. Selected samples allowed to trigger heap overflow and stack overflow. After the new version of XnView 2.00 was published, issue was revisited. One of the found and reported vulnerabilities is exploited in the following presentation.
Multiple exceptions.