CVE-2023-52174

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-52174
XnView Classic before 2.51.3 on Windows has a Write Access Violation at xnview.exe+0x3125D6.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/seyit-sigirci/Vulnerability-Disclosures/blob/main/XNView-Crash-Reports/BOF%5B0x1C94%5D%2B4%7B%2B0~4%231b99%7D%20128.ecf%20%40%20xnview.exe%2B0x3125D6.html Exploit
https://newsgroup.xnview.com/viewtopic.php?f=35&t=46016 Release Notes
Configurations

Configuration 1 (hide)

cpe:2.3:a:xnview:xnview_classic:*:*:*:*:*:*:*:*
History

04 Jan 2024, 23:35

Type Values Removed Values Added
References () https://github.com/seyit-sigirci/Vulnerability-Disclosures/blob/main/XNView-Crash-Reports/BOF%5B0x1C94%5D%2B4%7B%2B0~4%231b99%7D%20128.ecf%20%40%20xnview.exe%2B0x3125D6.html - () https://github.com/seyit-sigirci/Vulnerability-Disclosures/blob/main/XNView-Crash-Reports/BOF%5B0x1C94%5D%2B4%7B%2B0~4%231b99%7D%20128.ecf%20%40%20xnview.exe%2B0x3125D6.html - Exploit
References () https://newsgroup.xnview.com/viewtopic.php?f=35&t=46016 - () https://newsgroup.xnview.com/viewtopic.php?f=35&t=46016 - Release Notes
CWE CWE-787
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8
CPE cpe:2.3:a:xnview:xnview_classic:*:*:*:*:*:*:*:*
Summary (es) XnView Classic anterior a 2.51.3 en Windows tiene Write Access Violation en xnview.exe+0x3125D6. (es) XnView Classic anterior a 2.51.3 en Windows tiene una violación de acceso de escritura en xnview.exe+0x3125D6.
First Time Xnview
Xnview xnview Classic

29 Dec 2023, 13:56

Type Values Removed Values Added
Summary
  • (es) XnView Classic anterior a 2.51.3 en Windows tiene Write Access Violation en xnview.exe+0x3125D6.

29 Dec 2023, 04:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-12-29 04:15

Updated : 2024-01-04 23:35

NVD link : CVE-2023-52174

Mitre link : CVE-2023-52174

CVE.ORG link : CVE-2023-52174

JSON object : View

Products Affected

xnview

  • xnview_classic
CWE
CWE-787

Out-of-bounds Write