CVE-2009-4001
XnView < 1.97.2 - Remote Code Execution via DICOM Image Dimensions
Integer overflow in XnView before 1.97.2 might allow remote attackers to execute arbitrary code via a DICOM image with crafted dimensions, leading to a heap-based buffer overflow.
References (6)
Third Party Advisory; x_refsource_misc
http://secunia.com/secunia_research/2009-60/
Third Party Advisory, VDB Entry; mailing-list; x_refsource_bugtraq
http://www.securityfocus.com/archive/1/509999/100/0/threaded
Third Party Advisory, VDB Entry; vdb-entry; x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/56802
Third Party Advisory, VDB Entry; vdb-entry; x_refsource_bid
http://www.securityfocus.com/bid/38629
Patch; x_refsource_confirm
http://newsgroup.xnview.com/viewtopic.php?f=35&t=19469
Third Party Advisory, VDB Entry; vdb-entry; x_refsource_osvdb
http://www.osvdb.org/62829
Scores
EPSS: 0.1214
EPSS Percentile: 93.9%
Details
CWE: CWE-189
Status: published
Products (46)
xnview/xnview 1.0 a
xnview/xnview 1.01
xnview/xnview 1.02
xnview/xnview 1.03
xnview/xnview 1.04
xnview/xnview 1.05 (3 CPE variants)
xnview/xnview 1.06
xnview/xnview 1.07
xnview/xnview 1.08
xnview/xnview 1.09
... and 36 more
Published: Mar 15, 2010
Tracked Since: Feb 18, 2026