XnView 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
公開された問題は バッファオーバーフロー and vendor risk memory corruption に関連することが多く、vendor surface software deployment and vendor surface production workloads の文脈で アプリケーションクラッシュ and vendor impact memory corruption などの暴露リスクを伴う場合があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2026-30007 | XnSoft NConvert 7.230 is vulnerable to Use-After-Free via a crafted .tiff file | [email protected] | 6.2 | 0.16% | 2026-03-23 | 2026-06-17 |
| CVE-2026-30006 | XnSoft NConvert 7.230 is vulnerable to Stack Buffer Overrun via a crafted .tiff file. | [email protected] | 6.2 | 0.16% | 2026-03-23 | 2026-06-17 |
| CVE-2024-11950 | XnSoft XnView Classic RWZ File Parsing Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of XnSoft XnView Classic. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of RWZ files. The issue results from the lack of proper validation of user-supplied data, which can result | [email protected] | 8.8 | 0.49% | 2024-12-11 | 2026-06-17 |
| CVE-2024-22532 | Buffer Overflow vulnerability in XNSoft NConvert 7.163 (for Windows x86) allows attackers to cause a denial of service via crafted xwd file. | [email protected] | 6.5 | 1.13% | 2024-02-28 | 2026-06-17 |
| CVE-2023-52174 | XnView Classic before 2.51.3 on Windows has a Write Access Violation at xnview.exe+0x3125D6. | [email protected] | 9.8 | 0.74% | 2023-12-28 | 2026-06-17 |
| CVE-2023-52173 | XnView Classic before 2.51.3 on Windows has a Write Access Violation at xnview.exe+0x3ADBD0. | [email protected] | 9.8 | 0.58% | 2023-12-28 | 2026-06-17 |
| CVE-2023-46587 | Buffer Overflow vulnerability in XnView Classic v.2.51.5 allows a local attacker to execute arbitrary code via a crafted TIF file. | [email protected] | 7.8 | 0.20% | 2023-10-27 | 2026-06-17 |
| CVE-2023-43251 | XNSoft Nconvert 7.136 has an Exception Handler Chain Corrupted via a crafted image file. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution. | [email protected] | 7.8 | 0.54% | 2023-10-19 | 2026-06-17 |
| CVE-2023-43252 | XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow via a crafted image file. | [email protected] | 7.8 | 0.52% | 2023-10-19 | 2026-06-17 |
| CVE-2023-43250 | XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow. There is a User Mode Write AV via a crafted image file. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution. | [email protected] | 7.8 | 0.62% | 2023-10-18 | 2026-06-17 |
| CVE-2021-28835 | Buffer Overflow vulnerability in XNView before 2.50, allows local attackers to execute arbitrary code via crafted GEM bitmap file. | [email protected] | 7.8 | 0.32% | 2023-08-11 | 2026-06-16 |
| CVE-2021-28427 | Buffer Overflow vulnerability in XNView version 2.49.3, allows local attackers to execute arbitrary code via crafted TIFF file. | [email protected] | 7.8 | 0.25% | 2023-08-11 | 2026-06-16 |
| CVE-2020-23887 | XnView MP v0.96.4 was discovered to contain a heap overflow which allows attackers to cause a denial of service (DoS) via a crafted ico file. Related to a Read Access Violation starting at USER32!SmartStretchDIBits+0x33. | [email protected] | 5.5 | 0.70% | 2021-11-10 | 2026-06-16 |
| CVE-2020-23886 | XnView MP v0.96.4 was discovered to contain a heap overflow which allows attackers to cause a denial of service (DoS) via a crafted pict file. Related to a User Mode Write AV starting at ntdll!RtlpLowFragHeapFree. | [email protected] | 5.5 | 0.95% | 2021-11-10 | 2026-06-16 |
| CVE-2013-3493 | XnView 2.03 has an integer overflow vulnerability | [email protected] | 9.8 | 1.62% | 2020-01-27 | 2026-06-16 |
| CVE-2013-3492 | XnView 2.03 has a stack-based buffer overflow vulnerability | [email protected] | 9.8 | 1.54% | 2020-01-27 | 2026-06-16 |
| CVE-2013-3941 | Xjp2.dll in XnView before 2.13 allows remote attackers to execute arbitrary code via (1) the Csiz parameter in a SIZ marker, which triggers an incorrect memory allocation, or (2) the lqcd field in a QCD marker in a crafted JPEG2000 file, which leads to a heap-based buffer overflow. | [email protected] | 9.8 | 2.76% | 2020-01-02 | 2026-06-16 |
| CVE-2013-3939 | xnview.exe in XnView before 2.13 does not properly handle RLE strip lengths during processing of RGB files, which allows remote attackers to execute arbitrary code via the RLE strip size field in a RGB file, which leads to an unexpected sign extension error and a heap-based buffer overflow. | [email protected] | 7.8 | 1.73% | 2020-01-02 | 2026-06-16 |
| CVE-2013-3937 | Heap-based buffer overflow in xnview.exe in XnView before 2.13 allows remote attackers to execute arbitrary code via the biBitCount field in a BMP file. | [email protected] | 7.8 | 1.75% | 2020-01-02 | 2026-06-16 |
| CVE-2013-3247 | Heap-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted RLE compressed layer in an XCF file. | [email protected] | 7.8 | 2.40% | 2020-01-02 | 2026-06-16 |