PT-2005-5263 · Xnsoft+1 · Xnview+1

Krzysiek Pawlik

Published

2005-12-31

Updated

2017-07-20

CVE-2005-4595

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions XnView version 1.70 NView version 4.51

Description The issue is related to an untrusted search path vulnerability, specifically an RPATH vulnerability, which allows local users to execute arbitrary code. This can be achieved by placing a malicious library in the current working directory.

Recommendations For XnView version 1.70, update to a version that fixes the RPATH vulnerability. For NView version 4.51, update to a version that fixes the RPATH vulnerability. As a temporary workaround, consider restricting the execution of libraries from untrusted sources in the current working directory until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-4595

Affected Products

Nview

Xnview

PT-2005-5263 · Xnsoft+1 · Xnview+1

CVE-2005-4595

Related Identifiers

Affected Products

References · 9