CVE-2010-1932

XnView 1.97.4 - Heap-Based Buffer Overflow via MultiBitMap Paint Data Section

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-1932. PoCs published by Mauro Olea.

AI-analyzed exploit summary The provided text describes a heap-based buffer overflow vulnerability in XnView versions prior to 1.97.5, which can lead to remote code execution or denial-of-service. The actual exploit code is not included; only a reference to a binary exploit is provided.

Description

Heap-based buffer overflow in XnView 1.97.4 and possibly earlier allows remote attackers to execute arbitrary code via a MultiBitMap (MBM) file with a Paint Data Section that contains a malformed Encoding field.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Mauro Olea · textremotewindows
https://www.exploit-db.com/exploits/34143

The provided text describes a heap-based buffer overflow vulnerability in XnView versions prior to 1.97.5, which can lead to remote code execution or denial-of-service. The actual exploit code is not included; only a reference to a binary exploit is provided.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Theoretical
Target: XnView < 1.97.5
No auth needed
Prerequisites: Victim must open a maliciously crafted file
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/59421
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1468
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/40141
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/40852
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1024100

Scores

EPSS 0.1076
EPSS Percentile 95.3%

Details

CWE
CWE-119
Status published
Products (1)
xnview/xnview 1.97.4
Published Jun 16, 2010
Tracked Since Feb 18, 2026