xnview.exe in XnView prior to 2.13 does not properly handle RLE strip lengths during processing of RGB files, which allows remote malicious users to execute arbitrary code via the RLE strip size field in a RGB file, which leads to an unexpected sign extension error and a heap-based buffer overflow.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
xnview xnview |