CVE-2017-14274

Name of the Vulnerable Software and Affected Versions XnView Classic for Windows version 2.40

Description The issue allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file. It is related to "Data from Faulting Address controls subsequent Write Address starting at jbig2dec+0x0000000000008706."

Recommendations For XnView Classic for Windows version 2.40, consider avoiding the use of .jb2 files until a patch is available. As a temporary workaround, restrict the execution of arbitrary code by limiting the access to the jbig2dec module. At the moment, there is no information about a newer version that contains a fix for this vulnerability.