CVE-2012-4988

Name of the Vulnerable Software and Affected Versions XnView versions 1.99 through 1.99.1

Description The issue is related to a heap-based buffer overflow in the xjpegls.dll format plugin, which handles JLS (JPEG-LS or JPEG lossless) images. This allows remote attackers to execute arbitrary code via a crafted JLS image file.

Recommendations For XnView versions 1.99 through 1.99.1, consider disabling the xjpegls.dll plugin to prevent exploitation until a patch is available. Restrict access to handling JLS image files in XnView to minimize the risk of arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.