Denial of Service and Potential Remote Code Execution in XnView Classic for Windows Version 2.40 via Crafted .jb2 File

Denial of Service and Potential Remote Code Execution in XnView Classic for Windows Version 2.40 via Crafted .jb2 File

CVE-2017-14281 · MEDIUM Severity

AV:L/AC:L/AU:N/C:P/I:P/A:P

XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at jbig2dec+0x00000000000090f1."

Learn more about our Web Application Penetration Testing UK.