CVE-2017-9898

HIGH

XnView Classic 2.40 - Remote Code Execution via Crafted .fpx File

Title source: llm

Description

XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a "User Mode Write AV starting at Xfpx+0x0000000000004cbb."

References (1)

Core 1

Core References

Third Party Advisory x_refsource_misc

https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9898

Scores

CVSS v3 7.8

EPSS 0.0067

EPSS Percentile 71.6%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-119

Status published

Products (1)

xnview/xnview 2.40

Published Jul 05, 2017

Tracked Since Feb 18, 2026