CVE-2017-15803

Name of the Vulnerable Software and Affected Versions XnView Classic for Windows version 2.43

Description The issue allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon. This is related to the use of data from a faulting address as arguments in a subsequent function call.

Recommendations For XnView Classic for Windows version 2.43, consider avoiding the use of crafted .dll files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.