In association with heise online

01 April 2008, 10:36

Code smuggling through XnView slide shows

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Security service provider Secunia reports that manipulated slide shows can cause the XnView image viewer/converter to malfunction. Attackers can exploit the bug using specially crafted files to inject malicious code via websites or e-mails.

The vulnerability is due to a boundary error in the FontName parameter of slide show files (.sld). If the name is too long, a stack-based buffer overflow can occur. The error affects XnView 1.92, 1.92.1 and possibly older versions. Version 1.93.4, which no longer contains the flaw, is now available for download on the homepage. Usersof this software should update to this version immediately.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit