CVE Vulnerabilities for XnView MP
| CVE | Published | Severity | Details | Exploitability | Impact | Vector |
|---|---|---|---|---|---|---|
| CVE‑2020‑23887 | 2021‑11‑10 22:15:10 | MEDIUM (6) | XnView MP v0.96.4 was discovered to contain a heap overflow which allows attackers to cause a denial of service (DoS) via a crafted ico file. Related to a Read Access Violation starting at USER32!SmartStretchDIBits+0x33. | 2 | 4 | LOCAL |
| CVE‑2020‑23886 | 2021‑11‑10 22:15:10 | MEDIUM (6) | XnView MP v0.96.4 was discovered to contain a heap overflow which allows attackers to cause a denial of service (DoS) via a crafted pict file. Related to a User Mode Write AV starting at ntdll!RtlpLowFragHeapFree. | 2 | 4 | LOCAL |
| CVE‑2019‑9965 | 2019‑03‑24 02:29:00 | MEDIUM (7) | XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlReAllocateHeap. | 0 | 0 | NETWORK |
| CVE‑2019‑9964 | 2019‑03‑24 02:29:00 | MEDIUM (7) | XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlpNtMakeTemporaryKey. | 0 | 0 | NETWORK |
| CVE‑2019‑9963 | 2019‑03‑24 02:29:00 | MEDIUM (7) | XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlFreeHeap. | 0 | 0 | NETWORK |
| CVE‑2019‑9962 | 2019‑03‑24 02:29:00 | MEDIUM (7) | XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to VCRUNTIME140!memcpy. | 0 | 0 | NETWORK |
View OS-specific patching for:
Windows Mac Linux
Logos, products, trade names, and company names are all the property of their respective trademark holders.
The above listing includes products that Lavawall® monitors through public information and/or proprietary statistical analysis.
Although we do have a partner relationship with some of the listed products and companies, they do not necessarily endorse Lavawall® or have integrations with our systems.