
xnview vulnerability: XPM File Handling Buffer Overflow

Posted: Fri Apr 27, 2007 10:20 pm
by Guest
A vulnerability affecting major image manipulation and viewing software (Adobe Creative Suite 2 and 3 products are affected among others) has been published. This seems to affect Xnview too in its handling of xpm format.
Question:
Although I believe this is going to be corrected very soon with a patch, I'm curious if there is a way to disable support for xpm format in xnview and thus hopefully avoid possible system compromise.
More details:
http://secunia.com/advisories/24973/

Posted: Sat Apr 28, 2007 12:41 am
by ckit
Unchecking "Use all formats available" in Options might do it.

Re: xnview vulnerability

Posted: Sat Apr 28, 2007 8:22 am
by xnview
Anonymous wrote:A vulnerability affecting major image manipulation and viewing software (Adobe Creative Suite 2 and 3 products are affected among others) has been published. This seems to affect Xnview too in its handling of xpm format.
Question:
Although I believe this is going to be corrected very soon with a patch, I'm curious if there is a way to disable support for xpm format in xnview and thus hopefully avoid possible system compromise
More details:
http://secunia.com/advisories/24973/
Yes, I have fixed it in the next version...

Thank you

Posted: Sat Apr 28, 2007 10:00 am
by Guest
Thank you for your fast reply, xnview! Can you estimate when the next version is going to be released?

@ckit
I fiddled with the options and all I could find is a menu where I can check/uncheck file handling by xnview when a file type is accessed in Windows Explorer, but this is based on file extension, I believe. Somebody could craft a malicious file and change its extension to a much more widely used format, and the extension filter may not work in this case.
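
The post above worries that a filter keyed on file extension misses a renamed file. As an added example (not part of the thread and not XnView code), this content-based check flags XPM data whatever the extension says; the signatures, function names and sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Assumed signatures: XPM3 files open with the C comment "/* XPM */" and
# XPM2 files with "! XPM2"; leading whitespace is tolerated.
_XPM_HEAD = re.compile(rb"^\s*(/\*\s*XPM\s*\*/|!\s*XPM2)")

def sniff_xpm(head: bytes) -> bool:
    """True if the first bytes of a file look like XPM data."""
    return _XPM_HEAD.match(head) is not None

def classify(path, read_bytes=64):
    """Judge a file by content; the extension is only used to spot a mismatch."""
    with open(path, "rb") as fh:
        head = fh.read(read_bytes)
    if not sniff_xpm(head):
        return "other"
    ext = os.path.splitext(path)[1].lower()
    return "xpm" if ext == ".xpm" else "disguised-xpm"

def scan(root):
    """Walk a directory tree and report every file whose content is XPM."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                verdict = classify(full)
            except OSError:
                verdict = "unreadable"
            if verdict != "other":
                findings[os.path.relpath(full, root)] = verdict
    return findings

def demo():
    """Run scan() over constructed sample files (not real-world samples)."""
    xpm3 = b'/* XPM */\nstatic char *img[] = {\n"1 1 1 1",\n"a c #000000",\n"a"};\n'
    samples = {
        "icon.xpm": xpm3,                      # honest XPM
        "photo.jpg": xpm3,                     # XPM content, renamed
        "old.gif": b"! XPM2\n1 1 1 1\n",       # XPM2 content, renamed
        "real.jpg": b"\xff\xd8\xff\xe0" + b"\0" * 16,  # JPEG magic bytes
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return scan(root)
```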

Posted: Sat Apr 28, 2007 10:03 am
by helmut
ckit wrote:Unchecking "Use all formats available" in Options might do it.
You'll find this setting via "Tools > Options", category "General", tab "Operations".

Re: Thank you

Posted: Mon Apr 30, 2007 8:56 am
by xnview
Anonymous wrote:Thank you for your fast reply, xnview! Can you estimate when the next version is going to be released?
I hope to upload the version 1.90.4 in 2 weeks

Posted: Mon Apr 30, 2007 12:09 pm
by helmut
xnview wrote:I hope to upload the version 1.90.4 in 2 weeks
That's good.

I've just added this one to the list of must fixes for the next release.

Re: Thank you

Posted: Tue May 01, 2007 12:26 am
by Guest
xnview wrote:
Anonymous wrote:Thank you for your fast reply, xnview! Can you estimate when the next version is going to be released?
I hope to upload the version 1.90.4 in 2 weeks
Thank you for your work.