[<prev] [next>] [day] [month] [year] [list]
Message-ID: <005b01d9fddd$4657cfe0$d3076fa0$@toccagni.info>
Date: Fri, 13 Oct 2023 15:57:53 +0200
From: <michele@...cagni.info>
To: <fulldisclosure@...lists.org>
Subject: [FD] XNSoft Nconvert 7.136 - Multiple Vulnerabilities
XNSoft Nconvert 7.136 - Multiple Vulnerabilities
============================================================================
===
Identifiers
-------------------------------------------------
1. CVE-2023-43250
2. CVE-2023-43251
3. CVE-2023-43252
CVSSv3.1 score
-------------------------------------------------
1. CVE-2023-43250: 7.8 -
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:N/U
I:R/S:U/C:H/I:H/A:H&version=3.1
2. CVE-2023-43251: 7.8 -
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:N/U
I:R/S:U/C:H/I:H/A:H&version=3.1
3. CVE-2023-43252: 7.8 -
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:N/U
I:R/S:U/C:H/I:H/A:H&version=3.1
Vendor
-------------------------------------------------
XnSoft - https://www.xnview.com/en/nconvert/
Product
-------------------------------------------------
NConvert is a powerful command line multi-platform batch image processor
with more than 80 commands. Compatible with 500 image formats.
Affected versions
-------------------------------------------------
All versions prior to NConvert 7.155 for Windows.
Credit
-------------------------------------------------
Michele Toccagni - toccagni.info
Vulnerability summary
-------------------------------------------------
1. CVE-2023-43250: XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow.
There is a User Mode Write AV via a crafted image file. Attackers could
exploit this issue for a Denial of Service (DoS) or possibly to achieve code
execution.
2. CVE-2023-43251: XNSoft Nconvert 7.136 has an Exception Handler Chain
Corrupted via a crafted image file. Attackers could exploit this issue for a
Denial of Service (DoS) or possibly to achieve code execution.
3. CVE-2023-43252: XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow
via a crafted image file. Attackers could exploit this issue for a Denial of
Service (DoS) or possibly to achieve code execution.
Proof of concept
-------------------------------------------------
1. CVE-2023-43250:
https://github.com/mrtouch93/exploits/tree/main/NConvert7.136/User%20Mode%20
Write%20AV
2. CVE-2023-43251:
https://github.com/mrtouch93/exploits/tree/main/NConvert7.136/SEH
3. CVE-2023-43252:
https://github.com/mrtouch93/exploits/tree/main/NConvert7.136/Stack%20Buffer
%20Overrun
Solution
-------------------------------------------------
Upgrade to NConvert 7.155.
Timeline
-------------------------------------------------
Date | Status
-----------------|---------------------
21-JUL-2023 | Reported to vendor
22-JUL-2023 | Vendor asked for details
22-JUL-2023 | Details sent to the vendor
08-SEP-2023 | Vulnerabilities fixed
12-SEP-2023 | Public Disclosure
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
Powered by blists - more mailing lists