Nixpkgs Security Tracker

Untriaged

Permalink CVE-2013-3939

created 1 month ago

xnview.exe in XnView before 2.13 does not properly handle RLE …

xnview.exe in XnView before 2.13 does not properly handle RLE strip lengths during processing of RGB files, which allows remote attackers to execute arbitrary code via the RLE strip size field in a RGB file, which leads to an unexpected sign extension error and a heap-based buffer overflow.

References

52101 third-party-advisory x_refsource_SECUNIA
http://newsgroup.xnview.com/viewtopic.php?f=35&t=29087 x_refsource_CONFIRM
52101 third-party-advisory x_refsource_SECUNIA x_transferred
http://newsgroup.xnview.com/viewtopic.php?f=35&t=29087 x_refsource_CONFIRM x_transferred
52101 third-party-advisory x_refsource_SECUNIA
http://newsgroup.xnview.com/viewtopic.php?f=35&t=29087 x_refsource_CONFIRM
52101 third-party-advisory x_refsource_SECUNIA x_transferred
http://newsgroup.xnview.com/viewtopic.php?f=35&t=29087 x_refsource_CONFIRM x_transferred

Affected products

XnView

==before 2.13

Matching in nixpkgs

pkgs.xnviewmp

Efficient multimedia viewer, browser and converter

nixos-unstable 1.9.8
- nixpkgs-unstable 1.9.8
- nixos-unstable-small 1.9.8
nixos-25.11 1.9.5
- nixos-25.11-small 1.9.5
- nixpkgs-25.11-darwin 1.9.5

Package maintainers

@oddlama oddlama <oddlama@oddlama.org>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.xnviewmp

Package maintainers