Nixpkgs Security Tracker

Untriaged

Permalink CVE-2013-3941

created 1 month ago

Xjp2.dll in XnView before 2.13 allows remote attackers to execute …

Xjp2.dll in XnView before 2.13 allows remote attackers to execute arbitrary code via (1) the Csiz parameter in a SIZ marker, which triggers an incorrect memory allocation, or (2) the lqcd field in a QCD marker in a crafted JPEG2000 file, which leads to a heap-based buffer overflow.

References

http://newsgroup.xnview.com/viewtopic.php?f=35&t=29087 x_refsource_MISC
http://secunia.com/advisories/52101 x_refsource_MISC
http://secunia.com/advisories/52101 x_refsource_MISC x_transferred
http://newsgroup.xnview.com/viewtopic.php?f=35&t=29087 x_refsource_MISC x_transferred
http://newsgroup.xnview.com/viewtopic.php?f=35&t=29087 x_refsource_MISC
http://secunia.com/advisories/52101 x_refsource_MISC
http://secunia.com/advisories/52101 x_refsource_MISC x_transferred
http://newsgroup.xnview.com/viewtopic.php?f=35&t=29087 x_refsource_MISC x_transferred

Affected products

XnView

==before 2.13

Matching in nixpkgs

pkgs.xnviewmp

Efficient multimedia viewer, browser and converter

nixos-unstable 1.9.8
- nixpkgs-unstable 1.9.8
- nixos-unstable-small 1.9.8
nixos-25.11 1.9.5
- nixos-25.11-small 1.9.5
- nixpkgs-25.11-darwin 1.9.5

Package maintainers

@oddlama oddlama <oddlama@oddlama.org>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.xnviewmp

Package maintainers