Vulnerabilities > CVE-2023-43251 - Improper Handling of Exceptional Conditions vulnerability in Xnview Nconvert 7.136

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

xnview

CWE-755

NVD

Published: 2023-10-19

Updated: 2023-10-25

Summary

XNSoft Nconvert 7.136 has an Exception Handler Chain Corrupted via a crafted image file. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution.

Vulnerable Configurations

Part	Description	Count
Application	Xnview Xnview Nconvert 7.136	1

Common Weakness Enumeration (CWE)

CWE-755 - Improper Handling of Exceptional Conditions

References

https://www.xnview.com/en/nconvert/
https://github.com/mrtouch93/exploits/tree/main/NConvert7.136/SEH
http://seclists.org/fulldisclosure/2023/Oct/15
http://packetstormsecurity.com/files/175145/XNSoft-Nconvert-7.136-Buffer-Overflow-Denial-Of-Service.html