Date: Fri, 13 Oct 2023 15:57:53 +0200
From: <michele@...cagni.info>
To: <fulldisclosure@...lists.org>
Subject: [FD] XNSoft Nconvert 7.136 - Multiple Vulnerabilities

XNSoft Nconvert 7.136 - Multiple Vulnerabilities
===============================================================================

Identifiers
-------------------------------------------------
1. CVE-2023-43250
2. CVE-2023-43251
3. CVE-2023-43252

CVSSv3.1 score
-------------------------------------------------
1. CVE-2023-43250: 7.8 - https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&version=3.1
2. CVE-2023-43251: 7.8 - https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&version=3.1
3. CVE-2023-43252: 7.8 - https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&version=3.1

Vendor
-------------------------------------------------
XnSoft - https://www.xnview.com/en/nconvert/

Product
-------------------------------------------------
NConvert is a powerful command line multi-platform batch image processor with more than 80 commands. Compatible with 500 image formats.

Affected versions
-------------------------------------------------
All versions prior to NConvert 7.155 for Windows.

Credit
-------------------------------------------------
Michele Toccagni - toccagni.info

Vulnerability summary
-------------------------------------------------
1. CVE-2023-43250: XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow. There is a User Mode Write AV via a crafted image file. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution.
2. CVE-2023-43251: XNSoft Nconvert 7.136 has an Exception Handler Chain Corrupted via a crafted image file. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution.
3. CVE-2023-43252: XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow via a crafted image file. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution.

Proof of concept
-------------------------------------------------
1. CVE-2023-43250: https://github.com/mrtouch93/exploits/tree/main/NConvert7.136/User%20Mode%20Write%20AV
2. CVE-2023-43251: https://github.com/mrtouch93/exploits/tree/main/NConvert7.136/SEH
3. CVE-2023-43252: https://github.com/mrtouch93/exploits/tree/main/NConvert7.136/Stack%20Buffer%20Overrun

Solution
-------------------------------------------------
Upgrade to NConvert 7.155.

Timeline
-------------------------------------------------
Date             | Status
-----------------|---------------------
21-JUL-2023      | Reported to vendor
22-JUL-2023      | Vendor asked for details
22-JUL-2023      | Details sent to the vendor
08-SEP-2023      | Vulnerabilities fixed
12-SEP-2023      | Public Disclosure

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/