XNSoft Nconvert 7.136 has an Exception Handler Chain Corrupted via a crafted image file. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/175145/XNSoft-Nconvert-7.136-Buffer-Overflow-Denial-Of-Service.html | Third Party Advisory VDB Entry |
http://seclists.org/fulldisclosure/2023/Oct/15 | Exploit Mailing List Third Party Advisory |
https://github.com/mrtouch93/exploits/tree/main/NConvert7.136/SEH | Exploit Third Party Advisory |
https://www.xnview.com/en/nconvert/ | Product |
Configurations
History
25 Oct 2023, 10:14
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
CPE | cpe:2.3:a:xnview:nconvert:7.136:*:*:*:*:*:*:* | |
CWE | CWE-755 | |
First Time |
Xnview
Xnview nconvert |
|
References | (MISC) https://www.xnview.com/en/nconvert/ - Product | |
References | (MISC) http://packetstormsecurity.com/files/175145/XNSoft-Nconvert-7.136-Buffer-Overflow-Denial-Of-Service.html - Third Party Advisory, VDB Entry | |
References | (MISC) http://seclists.org/fulldisclosure/2023/Oct/15 - Exploit, Mailing List, Third Party Advisory | |
References | (MISC) https://github.com/mrtouch93/exploits/tree/main/NConvert7.136/SEH - Exploit, Third Party Advisory |
19 Oct 2023, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-19 15:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-43251
Mitre link : CVE-2023-43251
CVE.ORG link : CVE-2023-43251
JSON object : View
Products Affected
xnview
- nconvert
CWE
CWE-755
Improper Handling of Exceptional Conditions