CVE-2012-4988

Published: 09/07/2014 | Updated: 05/10/2017
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 935
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Heap-based buffer overflow in the xjpegls.dll (aka JLS, JPEG-LS, or JPEG lossless) format plugin in XnView 1.99 and 1.99.1 allows remote malicious users to execute arbitrary code via a crafted JLS image file.

Vulnerable Product

xnview xnview 1.99

xnview xnview 1.99.1

Exploits

SUMMARY: XnView Formats PlugIn is prone to an overflow condition. The JLS Plugin (xjpegls.dll) library fails to properly sanitize user-supplied input, resulting in a heap-based buffer overflow. With a specially crafted JLS compressed image file, a context-dependent attacker could potentially execute arbitrary code. POC file posted at: wwwre ...