JPEG: Danger also with xnview?

Ask for help and post your question on how to use XnView Classic.

Moderators: helmut, XnTriq, xnview

Post Reply
Lasse
Posts: 25
Joined: Sat Jul 31, 2004 10:04 am
Location: Braunschweig/Hondelage
Contact:

JPEG: Danger also with xnview?

Post by Lasse »

Hello!

These days, there was a Microsoft-Bug with JPEG-Images, who can
cause a buffer overflow and insert some code.

What happens, if such a manupulated JPEG-Image is opened with xnview?

No danger at all? Or depends it on the windows-version?

Regards,
Lasse
User avatar
xnview
Author of XnView
Posts: 46325
Joined: Mon Oct 13, 2003 7:31 am
Location: France
Contact:

Re: JPEG: Danger also with xnview?

Post by xnview »

Lasse wrote:These days, there was a Microsoft-Bug with JPEG-Images, who can
cause a buffer overflow and insert some code.
What happens, if such a manupulated JPEG-Image is opened with xnview?
No danger at all? Or depends it on the windows-version?
I don't think that there is a problem, because microsoft don't use the same library, and if you open a such jpeg with xnview, what's happened? Nothing, only perhaps a crash of xnview.
Pierre.
MaierMan
Posts: 78
Joined: Wed Aug 04, 2004 8:32 pm
Contact:

Post by MaierMan »

Tested with sample found at:
http://www.easynews.com/virus.html

With XNView 1.70 you simply see the regular jpeg-file-icon (no thumb).
You cannot open it with xnview... Says that the format cannot be determined.
The image itself doesnt contain valid image data for what I read. Thus its correct that nothing was displayed.
No crashes.

I dont think Pierre just copied pretty old Netscape code.
Thus no bug ;)
(While MS seems to have done exactly this :P).

PS: Norton Antivirus 2004 was found it via auto-protect...
Saying it was found thru Bloodhound.
User avatar
helmut
Posts: 8704
Joined: Sun Oct 12, 2003 6:47 pm
Location: Frankfurt, Germany

Post by helmut »

MaierMan wrote:Tested with sample found at:
http://www.easynews.com/virus.html
...
Maierman, thank you very much for testing this and letting us know.

Gruß, Helmut
Post Reply