CVE-2009-4001: Buffer Overflow
First published: Fri Mar 12 2010(Updated: )
Integer overflow in XnView before 1.97.2 might allow remote attackers to execute arbitrary code via a DICOM image with crafted dimensions, leading to a heap-based buffer overflow.
Credit: PSIRT-CNA@flexerasoftware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| XnView | =1.80.1 | |
| XnView | =1.08 | |
| XnView | =1.55 | |
| XnView | =1.93.2 | |
| XnView | =1.30 | |
| XnView | =1.92.1 | |
| XnView | =1.32 | |
| XnView | =1.25 | |
| XnView | =1.91 | |
| XnView | =1.05-b | |
| XnView | =1.95.3 | |
| XnView | =1.50.1 | |
| XnView | =1.93.6 | |
| XnView | =1.90.3 | |
| XnView | =1.09 | |
| XnView | =1.01 | |
| XnView | =1.17 | |
| XnView | =1.93.3 | |
| XnView | =1.05 | |
| XnView | =1.93.1 | |
| XnView | =1.80.3 | |
| XnView | =1.41 | |
| XnView | =1.35 | |
| XnView | =1.23 | |
| XnView | =1.94.1 | |
| XnView | =1.40 | |
| XnView | =1.07 | |
| XnView | =1.60 | |
| XnView | =1.70.2 | |
| XnView | =1.70 | |
| XnView | =1.17-a | |
| XnView | =1.21 | |
| XnView | =1.92 | |
| XnView | =1.16 | |
| XnView | =1.14 | |
| XnView | =1.90 | |
| XnView | =1.95.4 | |
| XnView | =1.04 | |
| XnView | =1.94.2 | |
| XnView | =1.18.1 | |
| XnView | =1.37 | |
| XnView | =1.90.1 | |
| XnView | =1.19 | |
| XnView | =1.61 | |
| XnView | =1.80 | |
| XnView | =1.96.5 | |
| XnView | =1.68 | |
| XnView | =1.82.2 | |
| XnView | =1.05-c | |
| XnView | =1.02 | |
| XnView | =1.91.1 | |
| XnView | =1.12 | |
| XnView | =1.91.2 | |
| XnView | =1.25-a | |
| XnView | =1.15 | |
| XnView | =1.97 | |
| XnView | =1.46 | |
| XnView | =1.91.3 | |
| XnView | =1.96 | |
| XnView | =1.24 | |
| XnView | =1.67 | |
| XnView | =1.20 | |
| XnView | =1.91.5 | |
| XnView | =1.33 | |
| XnView | =1.93.4 | |
| XnView | =1.95.2 | |
| XnView | =1.18 | |
| XnView | =1.82.4 | |
| XnView | =1.50 | |
| XnView | =1.45 | |
| XnView | =1.93 | |
| XnView | =1.0-a | |
| XnView | =1.91.4 | |
| XnView | =1.13 | |
| XnView | <=1.97.1 | |
| XnView | =1.96.1 | |
| XnView | =1.22 | |
| XnView | =1.66 | |
| XnView | =1.70.3 | |
| XnView | =1.65 | |
| XnView | =1.74 | |
| XnView | =1.10 | |
| XnView | =1.34 | |
| XnView | =1.95 | |
| XnView | =1.31 | |
| XnView | =1.91.6 | |
| XnView | =1.94 | |
| XnView | =1.95.1 | |
| XnView | =1.82 | |
| XnView | =1.80.2 | |
| XnView | =1.68.1 | |
| XnView | =1.03 | |
| XnView | =1.36 | |
| XnView | =1.70.4 | |
| XnView | =1.11 | |
| XnView | =1.82.3 | |
| XnView | =1.06 | |
| XnView | =1.96.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2009-4001?
CVE-2009-4001 has been classified with a high severity due to its potential for remote code execution.
How do I fix CVE-2009-4001?
To mitigate CVE-2009-4001, upgrade XnView to version 1.97.2 or later, as this version addresses the vulnerability.
What types of attacks can exploit CVE-2009-4001?
CVE-2009-4001 can be exploited by sending a specially crafted DICOM image that triggers an integer overflow, leading to arbitrary code execution.
Which versions of XnView are affected by CVE-2009-4001?
CVE-2009-4001 affects multiple versions of XnView prior to 1.97.2, including versions as low as 1.0-a.
What is the nature of the vulnerability described in CVE-2009-4001?
CVE-2009-4001 is an integer overflow vulnerability that can lead to a heap-based buffer overflow in XnView.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/remedy
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/xnview
- canonical/xnview
- version/xnview/1.80.1
- version/xnview/1.08
- version/xnview/1.55
- version/xnview/1.93.2
- version/xnview/1.30
- version/xnview/1.92.1
- version/xnview/1.32
- version/xnview/1.25
- version/xnview/1.91
- version/xnview/1.05-b
- version/xnview/1.95.3
- version/xnview/1.50.1
- version/xnview/1.93.6
- version/xnview/1.90.3
- version/xnview/1.09
- version/xnview/1.01
- version/xnview/1.17
- version/xnview/1.93.3
- version/xnview/1.05
- version/xnview/1.93.1
- version/xnview/1.80.3
- version/xnview/1.41
- version/xnview/1.35
- version/xnview/1.23
- version/xnview/1.94.1
- version/xnview/1.40
- version/xnview/1.07
- version/xnview/1.60
- version/xnview/1.70.2
- version/xnview/1.70
- version/xnview/1.17-a
- version/xnview/1.21
- version/xnview/1.92
- version/xnview/1.16
- version/xnview/1.14
- version/xnview/1.90
- version/xnview/1.95.4
- version/xnview/1.04
- version/xnview/1.94.2
- version/xnview/1.18.1
- version/xnview/1.37
- version/xnview/1.90.1
- version/xnview/1.19
- version/xnview/1.61
- version/xnview/1.80
- version/xnview/1.96.5
- version/xnview/1.68
- version/xnview/1.82.2
- version/xnview/1.05-c
- version/xnview/1.02
- version/xnview/1.91.1
- version/xnview/1.12
- version/xnview/1.91.2
- version/xnview/1.25-a
- version/xnview/1.15
- version/xnview/1.97
- version/xnview/1.46
- version/xnview/1.91.3
- version/xnview/1.96
- version/xnview/1.24
- version/xnview/1.67
- version/xnview/1.20
- version/xnview/1.91.5
- version/xnview/1.33
- version/xnview/1.93.4
- version/xnview/1.95.2
- version/xnview/1.18
- version/xnview/1.82.4
- version/xnview/1.50
- version/xnview/1.45
- version/xnview/1.93
- version/xnview/1.0-a
- version/xnview/1.91.4
- version/xnview/1.13
- version/xnview/1.97.1
- version/xnview/1.96.1
- version/xnview/1.22
- version/xnview/1.66
- version/xnview/1.70.3
- version/xnview/1.65
- version/xnview/1.74
- version/xnview/1.10
- version/xnview/1.34
- version/xnview/1.95
- version/xnview/1.31
- version/xnview/1.91.6
- version/xnview/1.94
- version/xnview/1.95.1
- version/xnview/1.82
- version/xnview/1.80.2
- version/xnview/1.68.1
- version/xnview/1.03
- version/xnview/1.36
- version/xnview/1.70.4
- version/xnview/1.11
- version/xnview/1.82.3
- version/xnview/1.06
- version/xnview/1.96.2