Vulnerabilities > CVE-2020-23886 - Out-of-bounds Write vulnerability in Xnview MP

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

xnview

CWE-787

NVD

Published: 2021-11-10

Updated: 2022-10-26

Summary

XnView MP v0.96.4 was discovered to contain a heap overflow which allows attackers to cause a denial of service (DoS) via a crafted pict file. Related to a User Mode Write AV starting at ntdll!RtlpLowFragHeapFree.

Vulnerable Configurations

Part	Description	Count
Application	Xnview Xnview Xnview MP 0.91 Xnview Xnview MP 0.92 Xnview Xnview MP 0.93 Xnview Xnview MP 0.93.1 Xnview Xnview MP 0.96.4	5

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://github.com/Aurorainfinity/vulnerabilities/tree/master/xnviewmp
https://www.xnview.com/en/xnviewmp/
https://cwe.mitre.org/data/definitions/122.html