
Does CVE-2017-9900 Affect only XnView Classic?

Posted: Mon Oct 21, 2024 1:46 pm
by marsianoz13
Hi Support,

Would like to confirm if CVE-2017-9900 only affects XnView Classic for Windows Version 2.40 and below? What is the fix version? Would like to confirm. I work for Rapid7 and support our IVM product. We are a vulnerability management security application and would like to confirm the ranges of this vulnerability. Our customer and engineering did try via email, but either there was no response or the response isn't clear. Any help would be great to improve our product and reduce the false positives.

Thanks,

Re: Does CVE-2017-9900 Affect only XnView Classic?

Posted: Tue Oct 22, 2024 7:09 am
by xnview
The details of this CVE are no longer available, so we can't answer.

Re: Does CVE-2017-9900 Affect only XnView Classic?

Posted: Tue Oct 22, 2024 5:55 pm
by marsianoz13
Not sure that I understand your response. What do you mean? If you look here:

https://nvd.nist.gov/vuln/detail/CVE-2017-9900

That is still public facing. Just need help verifying. Please!

Re: Does CVE-2017-9900 Affect only XnView Classic?

Posted: Wed Oct 23, 2024 8:10 am
by xnview
The detail URL is not available: https://github.com/wlinzi/security_advi ... -2017-9900

I think that this CVE is fixed in the latest version of XnView Classic.

Re: Does CVE-2017-9900 Affect only XnView Classic?

Posted: Wed Oct 23, 2024 12:37 pm
by marsianoz13
Would that be the 2.51.7? Would like to get confirmation so we can update our checks. :D

Re: Does CVE-2017-9900 Affect only XnView Classic?

Posted: Thu Oct 24, 2024 5:50 am
by xnview
marsianoz13 wrote: Wed Oct 23, 2024 12:37 pm Would that be the 2.51.7? Would like to get confirmation so we can update our checks. :D
Yes, all CVEs from this author.

Re: Does CVE-2017-9900 Affect only XnView Classic?

Posted: Fri Oct 25, 2024 12:43 pm
by marsianoz13
Hi Pierre,

We really need your help. Can you get confirmation of which exact version of XnView Classic resolves this CVE-2017-9900? We want to adjust our checks. Without confirmation of the exact version, we aren't able to make changes. Can you check with your internal teams? If you're confident that 2.51.7 resolves this, let me know.

Thanks,

Re: Does CVE-2017-9900 Affect only XnView Classic?

Posted: Sun Oct 27, 2024 8:04 am
by xnview
I think that all CVEs from this author have been fixed in 2.51.7, but the details of the CVEs are no longer available, so it is not easy to confirm.