
List:       full-disclosure
Subject:    [FD] XNSoft Nconvert 7.136 - Multiple Vulnerabilities
From:       <michele () toccagni ! info>
Date:       2023-10-13 13:57:53
Message-ID: 005b01d9fddd$4657cfe0$d3076fa0$ () toccagni ! info

XNSoft Nconvert 7.136 - Multiple Vulnerabilities

===============================================================================

 

Identifiers

-------------------------------------------------

1. CVE-2023-43250

2. CVE-2023-43251

3. CVE-2023-43252

 

 

CVSSv3.1 score

-------------------------------------------------

1. CVE-2023-43250: 7.8 -
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&version=3.1

2. CVE-2023-43251: 7.8 -
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&version=3.1

3. CVE-2023-43252: 7.8 -
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&version=3.1

 

 

Vendor

-------------------------------------------------

XnSoft - https://www.xnview.com/en/nconvert/

 

 

Product

-------------------------------------------------

NConvert is a powerful command-line, multi-platform batch image processor
with more than 80 commands, compatible with 500 image formats.

 

 

Affected versions

-------------------------------------------------

All versions prior to NConvert 7.155 for Windows.

 

 

Credit

-------------------------------------------------

Michele Toccagni - toccagni.info

 

 

Vulnerability summary

-------------------------------------------------

1. CVE-2023-43250: XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow.
There is a User Mode Write AV via a crafted image file. Attackers could
exploit this issue for a Denial of Service (DoS) or possibly to achieve code
execution.

2. CVE-2023-43251: XNSoft Nconvert 7.136 has an Exception Handler Chain
Corrupted via a crafted image file. Attackers could exploit this issue for a
Denial of Service (DoS) or possibly to achieve code execution.

3. CVE-2023-43252: XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow
via a crafted image file. Attackers could exploit this issue for a Denial of
Service (DoS) or possibly to achieve code execution.

 

 

Proof of concept

-------------------------------------------------

1. CVE-2023-43250:
https://github.com/mrtouch93/exploits/tree/main/NConvert7.136/User%20Mode%20Write%20AV

2. CVE-2023-43251:
https://github.com/mrtouch93/exploits/tree/main/NConvert7.136/SEH

3. CVE-2023-43252:
https://github.com/mrtouch93/exploits/tree/main/NConvert7.136/Stack%20Buffer%20Overrun

 

Solution

-------------------------------------------------

Upgrade to NConvert 7.155.

 

Timeline

-------------------------------------------------

Date        | Status
------------|---------------------------
21-JUL-2023 | Reported to vendor
22-JUL-2023 | Vendor asked for details
22-JUL-2023 | Details sent to the vendor
08-SEP-2023 | Vulnerabilities fixed
12-SEP-2023 | Public Disclosure

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/