CVE-2013-3938

Name of the Vulnerable Software and Affected Versions XnView version 2.13

Description The issue is related to an integer overflow in the xnview.exe component of XnView, which can be triggered by a large NUM ELEMENTS field in an IFD ENTRY structure in a JXR file. This can lead to a heap-based buffer overflow, allowing remote attackers to execute arbitrary code.

Recommendations For XnView version 2.13, consider updating to a newer version that addresses this issue, as using a large NUM ELEMENTS field in an IFD ENTRY structure in a JXR file can trigger the overflow. At the moment, there is no information about a newer version that contains a fix for this vulnerability.