The Vigil@nce team watches vulnerabilities impacting your computers, and then offers solutions, a database and tools to correct them.
vulnerability alert CVE-2012-1051
XnView: buffer overflow via JPEG2000
Synthesis of the vulnerability
An attacker can invite the victim to open a malicious JPEG2000 image with XnView, in order to stop it or to execute code.
Severity: 3/4.
Creation date: 08/02/2012.
Impacted products
Description of the vulnerability
The XnView software displays and converts images in various formats.
The JPEG 2000 standard (extension .JP2) defines a compressed image format, based on JPEG.
The quantization stage in the compression of a JPEG image ignores high-frequency components (small variations).
When an image contains long QCD (Quantization Default) data, a buffer overflow occurs in Xjp2.dll. Technical details are unknown. This vulnerability may have the same origin as VIGILANCE-VUL-11345.
An attacker can therefore invite the victim to open a malicious JPEG2000 image with XnView, in order to stop it or to execute code.
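A pre-screening check for the long-QCD condition described above, as an added example that is not from the advisory or from XnView: it walks the main header of a raw JPEG 2000 codestream and rejects QCD segments whose length exceeds the 197-byte maximum of the JPEG 2000 Part 1 marker syntax or does not match the quantization style. It assumes the codestream has already been extracted from the .JP2 container; the function names and return codes are hypothetical, and the advisory does not say which bound Xjp2.dll fails to enforce.

```c
#include <stdint.h>
#include <stdio.h>

#define MRK_SOC 0xFF4Fu     /* start of codestream */
#define MRK_QCD 0xFF5Cu     /* quantization default */
#define MRK_SOT 0xFF90u     /* first tile-part: end of main header */
#define QCD_MAX_LEN 197u    /* 5 + 6*32: scalar expounded, 32 decomposition levels */

static unsigned be16(const uint8_t *p) { return ((unsigned)p[0] << 8) | p[1]; }
/* 0: main-header QCD segments are in spec; -1: truncated or malformed
 * codestream; -2: a QCD length is out of range or does not match its style. */
int jp2k_check_qcd(const uint8_t *cs, size_t len) {
    size_t off = 2;
    if (len < 2 || be16(cs) != MRK_SOC) return -1;
    while (len - off >= 4) {                    /* marker + length field */
        unsigned marker = be16(cs + off);
        unsigned seglen = be16(cs + off + 2);   /* counts itself, not the marker */
        if (marker == MRK_SOT) return 0;
        if (seglen < 2 || seglen > len - off - 2) return -1;
        if (marker == MRK_QCD) {
            if (seglen < 4 || seglen > QCD_MAX_LEN) return -2;
            unsigned style = cs[off + 4] & 0x1F;  /* low 5 bits of Sqcd */
            unsigned body = seglen - 3;           /* bytes of SPqcd values */
            if (style > 2) return -2;
            if (style == 0 && (body - 1) % 3 != 0) return -2;
            if (style == 1 && body != 2) return -2;
            if (style == 2 && (body < 2 || (body - 2) % 6 != 0)) return -2;
        }
        off += 2 + (size_t)seglen;
    }
    return -1;                                  /* no SOT before end of data */
}

/* Constructed sample: SOC, one QCD of length lqcd (>= 3), SOT. buf >= lqcd + 8. */
size_t make_sample(uint8_t *buf, unsigned lqcd, uint8_t sqcd) {
    size_t n = 0;
    buf[n++] = 0xFF; buf[n++] = 0x4F; buf[n++] = 0xFF; buf[n++] = 0x5C;
    buf[n++] = (uint8_t)(lqcd >> 8); buf[n++] = (uint8_t)lqcd; buf[n++] = sqcd;
    while (n < 4 + (size_t)lqcd) buf[n++] = 0;  /* SPqcd filler */
    buf[n++] = 0xFF; buf[n++] = 0x90; buf[n++] = 0; buf[n++] = 10;
    return n;
}

int main(void) {
    uint8_t buf[600];
    printf("Lqcd=5:   %d\n", jp2k_check_qcd(buf, make_sample(buf, 5, 0x21)));
    printf("Lqcd=512: %d\n", jp2k_check_qcd(buf, make_sample(buf, 512, 0x22)));
    return 0;
}
```

A file that fails this check is malformed regardless of which viewer opens it, so the same test can be used to quarantine images before they reach an unpatched decoder.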
Characteristics
Title: XnView: buffer overflow via JPEG2000.
Keywords: 2000 Default JPEG JPEG2000 QCD Quantization Xjp2 XnView buffer overflow.
Identifiers: BID-51896, CVE-2012-1051, SA47352, VIGILANCE-VUL-11346.
Information sources