[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : XnView 1.98.8 TIFF Image Processing Heap Overflow
# Published : 2012-06-22
# Author :
# Previous Title : Linux Kernel fs/eventpoll.c Local Denial of Service
# Next Title : ACDSee PRO 5.1 RLE Image Processing Heap Overflow
#####################################################################################
Application: XnView TIFF Image Processing Heap Overflow
Platforms: Windows
Secunia: SA48666
{PRL}: 2012-16
Author: Francis Provencher (Protek Research Lab's)
Website: http://www.protekresearchlab.com/
Twitter: @ProtekResearch
#####################################################################################
1) Introduction
2) Report Timeline
3) Technical details
4) The Code
#####################################################################################
===============
1) Introduction
===============
XnView is a cross-platform image viewer used for viewing, converting, organising and editing graphical & video files.
It is free of charge for private, educational and non-profit organisations. For commercial use and distribution,
the user must register the program. It is popular with users as it provides features normally found only
in commercial image viewers.
(http://en.wikipedia.org/wiki/XnView)
#####################################################################################
============================
2) Report Timeline
============================
2012-05-15 Vulnerability reported to Secunia
2012-06-21 Vendor disclose patch
#####################################################################################
============================
3) Technical details
============================
Insufficient validation when decompressing SGI32LogLum compressed TIFF
images where the PhotometricInterpretation encoding is set to LogL can
be exploited to cause a heap-based buffer overflow.
The vulnerabilities are confirmed in version 1.98.8. Other versions may also be affected
#####################################################################################
===========
4) The Code
===========
http://protekresearchlab.com/exploits/PRL-2012-16.tiff
http://www.exploit-db.com/sploits/19337.tiff