CVE-2020-23886
First published: Wed Nov 10 2021(Updated: )
XnView MP v0.96.4 was discovered to contain a heap overflow which allows attackers to cause a denial of service (DoS) via a crafted pict file. Related to a User Mode Write AV starting at ntdll!RtlpLowFragHeapFree.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Xnview Xnview Mp | <=0.96.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-23886?
CVE-2020-23886 is a vulnerability in XnView MP v0.96.4 that allows attackers to cause a denial of service (DoS) via a crafted pict file.
What is the severity of CVE-2020-23886?
The severity of CVE-2020-23886 is medium with a CVSS score of 5.5.
How can an attacker exploit CVE-2020-23886?
An attacker can exploit CVE-2020-23886 by sending a specially crafted pict file to the vulnerable XnView MP software, causing a heap overflow and leading to a denial of service (DoS) condition.
Is there a fix available for CVE-2020-23886?
At the moment, there is no known fix or patch available for CVE-2020-23886. It is recommended to update to the latest version of XnView MP when a fix becomes available.
Where can I find more information about CVE-2020-23886?
More information about CVE-2020-23886 can be found on the CWE website, GitHub page for vulnerabilities, and the XnView website.
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/xnview
- canonical/xnview xnview mp
- version/xnview xnview mp/0.96.4