CVE-2020-23886

XnView MP v0.96.4 was discovered to contain a heap overflow which allows attackers to cause a denial of service (DoS) via a crafted pict file. Related to a User Mode Write AV starting at ntdll!RtlpLowFragHeapFree.
Configurations

Configuration 1 (hide)

cpe:2.3:a:xnview:xnview_mp:*:*:*:*:*:*:*:*

History

21 Nov 2024, 05:14

Type Values Removed Values Added
References () https://cwe.mitre.org/data/definitions/122.html - Technical Description () https://cwe.mitre.org/data/definitions/122.html - Technical Description
References () https://github.com/Aurorainfinity/vulnerabilities/tree/master/xnviewmp - Exploit, Third Party Advisory () https://github.com/Aurorainfinity/vulnerabilities/tree/master/xnviewmp - Exploit, Third Party Advisory
References () https://www.xnview.com/en/xnviewmp/ - Product, Vendor Advisory () https://www.xnview.com/en/xnviewmp/ - Product, Vendor Advisory

26 Oct 2022, 13:55

Type Values Removed Values Added
References (MISC) https://cwe.mitre.org/data/definitions/122.html - (MISC) https://cwe.mitre.org/data/definitions/122.html - Technical Description

10 Jul 2022, 21:15

Type Values Removed Values Added
References
  • (MISC) https://cwe.mitre.org/data/definitions/122.html -

15 Nov 2021, 22:00

Type Values Removed Values Added
CPE cpe:2.3:a:xnview:xnview_mp:*:*:*:*:*:*:*:*
CWE CWE-787
CVSS v2 : unknown
v3 : unknown
v2 : 4.3
v3 : 5.5
References (MISC) https://www.xnview.com/en/xnviewmp/ - (MISC) https://www.xnview.com/en/xnviewmp/ - Product, Vendor Advisory
References (MISC) https://github.com/Aurorainfinity/vulnerabilities/tree/master/xnviewmp - (MISC) https://github.com/Aurorainfinity/vulnerabilities/tree/master/xnviewmp - Exploit, Third Party Advisory

11 Nov 2021, 01:53

Type Values Removed Values Added
New CVE

Information

Published : 2021-11-10 22:15

Updated : 2024-11-21 05:14


NVD link : CVE-2020-23886

Mitre link : CVE-2020-23886

CVE.ORG link : CVE-2020-23886


JSON object : View

Products Affected

xnview

  • xnview_mp
CWE
CWE-787

Out-of-bounds Write