CVE-2007-2194

Name of the Vulnerable Software and Affected Versions: XnView versions 1.90.3 XnView versions prior to 1.70

Description: The issue is related to a stack-based buffer overflow that allows user-assisted remote attackers to execute arbitrary code via a crafted XPM file with a long section string. This can lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation of this issue can be done remotely.

Recommendations: For XnView version 1.90.3, update to a version that fixes the stack-based buffer overflow issue. For XnView versions prior to 1.70, update to a version that fixes the stack-based buffer overflow issue. As a temporary workaround, consider avoiding the use of crafted XPM files with long section strings until a patch is available.