xnview vulnerability: XPM File Handling Buffer Overflow

Bugs found in XnView Classic. Please report only one bug per topic!

Moderators: helmut, XnTriq, xnview

Guest

xnview vulnerability: XPM File Handling Buffer Overflow

Post by Guest »

A vulnerability affecting major image manipulation and viewing software (Adobe Creative Suite 2 and 3 products are affected among others) has been published. This seems to affect XnView too in its handling of the XPM format.
Question:
Although I believe this is going to be corrected very soon with a patch, I'm curious if there is a way to disable support for the XPM format in XnView and thus hopefully avoid possible system compromise.
More details:
http://secunia.com/advisories/24973/
ckit
XnThusiast
Posts: 2583
Joined: Tue Feb 17, 2004 1:11 am
Location: QLD, Australia

Post by ckit »

Unchecking "Use all formats available" in Options might do it.
xnview
Author of XnView
Posts: 46252
Joined: Mon Oct 13, 2003 7:31 am
Location: France

Re: xnview vulnerability

Post by xnview »

Anonymous wrote: A vulnerability affecting major image manipulation and viewing software (Adobe Creative Suite 2 and 3 products are affected among others) has been published. This seems to affect XnView too in its handling of the XPM format.
Question:
Although I believe this is going to be corrected very soon with a patch, I'm curious if there is a way to disable support for the XPM format in XnView and thus hopefully avoid possible system compromise.
More details:
http://secunia.com/advisories/24973/
Yes, I have fixed it in the next version...
Pierre.
Guest

Thank you

Post by Guest »

Thank you for your fast reply, xnview! Can you estimate when the next version is going to be released?

@ckit
I fiddled with the options and all I could find is a menu where I can check/uncheck file handling by XnView when a file type is accessed in Windows Explorer, but this is based on file extension, I believe; somebody could craft a malicious file and change its extension to a much more widely used format, and the extension filter may not work in this case.
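The concern raised in the post above, that a filter keyed on file extension misses an XPM file renamed to a more common extension, can be checked by inspecting file content instead. This is an added example, not part of the original thread and not XnView code: it flags files whose leading bytes carry the XPM3 (`/* XPM */`) or XPM2 (`! XPM2`) signature whatever their extension. The function names and sample files are constructed for illustration.

```python
import os
import tempfile

# Leading bytes of the XPM variants: XPM3 files open with the C comment
# "/* XPM */", XPM2 files with "! XPM2".
XPM_SIGNATURES = (b"/* XPM */", b"! XPM2")


def looks_like_xpm(path, probe=64):
    """Return True if the file content starts with an XPM signature."""
    with open(path, "rb") as fh:
        head = fh.read(probe)
    # Assumption: be conservative and ignore leading whitespace, since a
    # lenient parser might skip it before reading the signature.
    return head.lstrip().startswith(XPM_SIGNATURES)


def find_xpm_content(root):
    """Walk root; return (path, disguised) for every file with XPM content.

    disguised is True when the extension is anything other than .xpm.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            try:
                if looks_like_xpm(path):
                    ext = os.path.splitext(name)[1].lower()
                    hits.append((path, ext != ".xpm"))
            except OSError:
                continue  # unreadable file: skip it and keep scanning
    return hits


def demo():
    """Scan a temporary directory of constructed sample files."""
    xpm = b'/* XPM */\nstatic char *x[] = {\n"1 1 1 1",\n"a c #000000",\n"a"};\n'
    samples = {"icon.xpm": xpm, "holiday.jpg": xpm, "real.jpg": b"\xff\xd8\xff\xe0JFIF"}
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        return sorted((os.path.basename(p), dis) for p, dis in find_xpm_content(d))


if __name__ == "__main__":
    for name, disguised in demo():
        print(name, "- XPM content under another extension" if disguised else "- XPM")
```

Files reported with `disguised` set are the renamed case described in the post; they can be held back from any viewer until the fixed version is installed.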
helmut
Posts: 8704
Joined: Sun Oct 12, 2003 6:47 pm
Location: Frankfurt, Germany

Post by helmut »

ckit wrote:Unchecking "Use all formats available" in Options might do it.
You'll find this setting via "Tools > Options", category "General", tab "Operations".
xnview
Author of XnView
Posts: 46252
Joined: Mon Oct 13, 2003 7:31 am
Location: France

Re: Thank you

Post by xnview »

Anonymous wrote: Thank you for your fast reply, xnview! Can you estimate when the next version is going to be released?
I hope to upload version 1.90.4 in 2 weeks.
Pierre.
helmut
Posts: 8704
Joined: Sun Oct 12, 2003 6:47 pm
Location: Frankfurt, Germany

Post by helmut »

xnview wrote: I hope to upload version 1.90.4 in 2 weeks.
That's good.

I've just added this one to the list of must-fixes for the next release.
Guest

Re: Thank you

Post by Guest »

xnview wrote:
Anonymous wrote: Thank you for your fast reply, xnview! Can you estimate when the next version is going to be released?
I hope to upload version 1.90.4 in 2 weeks.
Thank you for your work.