CVE-2012-0277

XnView < 1.99 - Heap-Based Buffer Overflow via Crafted PCT Image

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-0277. PoCs published by Francis Provencher.

AI-analyzed exploit summary This is a writeup describing a heap-based buffer overflow vulnerability in XnView when processing PCT images. The exploit details are provided, but no actual exploit code is included in the text.

Description

Heap-based buffer overflow in XnView before 1.99 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PCT image.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Francis Provencher · textdoswindows

https://www.exploit-db.com/exploits/19336

View Code ZIP pw:eip

This is a writeup describing a heap-based buffer overflow vulnerability in XnView when processing PCT images. The exploit details are provided, but no actual exploit code is included in the text.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: XnView 1.98.8

No auth needed

Prerequisites: A maliciously crafted PCT image file

MITRE ATT&CK

T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/19336

Various Sources x_refsource_confirm

http://newsgroup.xnview.com/viewtopic.php?f=35&t=25858

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/48666

Various Sources x_refsource_misc

http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=50

Scores

EPSS 0.0801

EPSS Percentile 94.0%

Details

CWE

CWE-119

Status published

Products (1)

xnview/xnview < 1.98.8

Published Jul 17, 2012

Tracked Since Feb 18, 2026