CVE-2017-15801

Name of the Vulnerable Software and Affected Versions XnView Classic for Windows version 2.43

Description The issue allows attackers to cause a denial of service or possibly have other unspecified impacts via a crafted .dll file. This occurs when the .dll file is mishandled during an attempt to render the DLL icon. The problem is related to "Data from Faulting Address controls Branch Selection starting at ntdll 77310000!LdrpResSearchResourceInsideDirectory+0x000000000000029e."

Recommendations For XnView Classic for Windows version 2.43, consider avoiding the use of crafted .dll files to minimize the risk of exploitation. As a temporary workaround, restrict the rendering of DLL icons until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.