CVE-2019-9963

Name of the Vulnerable Software and Affected Versions XnView MP version 0.93.1

Description The issue allows remote attackers to cause a denial of service, potentially leading to an application crash, or possibly have other unspecified impacts via a crafted file. This is related to the ntdll!RtlFreeHeap function.

Recommendations For XnView MP version 0.93.1, consider avoiding the use of crafted files that may trigger the denial of service until a patch is available. As a temporary workaround, restrict the opening of files from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.