CVE-2013-3941

Name of the Vulnerable Software and Affected Versions: XnView versions prior to 2.13

Description: The issue allows remote attackers to execute arbitrary code via two methods: (1) the Csiz parameter in a SIZ marker, which triggers an incorrect memory allocation, or (2) the lqcd field in a QCD marker in a crafted JPEG2000 file, which leads to a heap-based buffer overflow.

Recommendations: For versions prior to 2.13, update to version 2.13 or later to resolve the issue. As a temporary workaround, consider avoiding the use of crafted JPEG2000 files that could trigger the heap-based buffer overflow. Restrict access to the Xjp2.dll module to minimize the risk of exploitation.