CVE-2012-1051

Name of the Vulnerable Software and Affected Versions XnView version 1.98.5

Description A heap-based buffer overflow issue exists in the Xjp2.dll component of the JPEG2000 plug-in. This issue can be triggered by a specially crafted JPEG2000 (JP2) file that contains a malicious Quantization Default (QCD) marker segment, potentially allowing remote attackers to execute arbitrary code.

Recommendations For XnView version 1.98.5, consider disabling the JPEG2000 plug-in or avoiding the use of the Xjp2.dll component until a patch is available. Restrict access to JP2 files to minimize the risk of exploitation.