CVE-2009-4001
UnknownEPSS 4.61%
Last modified
CVE-2009-4001 is a vulnerability of currently unknown severity. Integer overflow in XnView before 1.97.2 might allow remote attackers to execute arbitrary code via a DICOM image with crafted dimensions, leading to a heap-based buffer overflow.. EPSS estimates a 4.61% chance of exploitation in the next 30 days.
Description
Integer overflow in XnView before 1.97.2 might allow remote attackers to execute arbitrary code via a DICOM image with crafted dimensions, leading to a heap-based buffer overflow.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Xnview | Xnview | <= 1.97.1 | — |
| Xnview | Xnview | 1.0 | A |
| Xnview | Xnview | 1.01 | — |
| Xnview | Xnview | 1.02 | — |
| Xnview | Xnview | 1.03 | — |
| Xnview | Xnview | 1.04 | — |
| Xnview | Xnview | 1.05 | — |
| Xnview | Xnview | 1.06 | — |
| Xnview | Xnview | 1.07 | — |
| Xnview | Xnview | 1.08 | — |
| Xnview | Xnview | 1.09 | — |
| Xnview | Xnview | 1.10 | — |
| Xnview | Xnview | 1.11 | — |
| Xnview | Xnview | 1.12 | — |
| Xnview | Xnview | 1.13 | — |
| Xnview | Xnview | 1.14 | — |
| Xnview | Xnview | 1.15 | — |
| Xnview | Xnview | 1.16 | — |
| Xnview | Xnview | 1.17 | — |
| Xnview | Xnview | 1.18 | — |
| Xnview | Xnview | 1.18.1 | — |
| Xnview | Xnview | 1.19 | — |
| Xnview | Xnview | 1.20 | — |
| Xnview | Xnview | 1.21 | — |
| Xnview | Xnview | 1.22 | — |
| Xnview | Xnview | 1.23 | — |
| Xnview | Xnview | 1.24 | — |
| Xnview | Xnview | 1.25 | — |
| Xnview | Xnview | 1.30 | — |
| Xnview | Xnview | 1.31 | — |
| Xnview | Xnview | 1.32 | — |
| Xnview | Xnview | 1.33 | — |
| Xnview | Xnview | 1.34 | — |
| Xnview | Xnview | 1.35 | — |
| Xnview | Xnview | 1.36 | — |
| Xnview | Xnview | 1.37 | — |
| Xnview | Xnview | 1.40 | — |
| Xnview | Xnview | 1.41 | — |
| Xnview | Xnview | 1.45 | — |
| Xnview | Xnview | 1.46 | — |
| Xnview | Xnview | 1.50 | — |
| Xnview | Xnview | 1.50.1 | — |
| Xnview | Xnview | 1.55 | — |
| Xnview | Xnview | 1.60 | — |
| Xnview | Xnview | 1.61 | — |
| Xnview | Xnview | 1.65 | — |
| Xnview | Xnview | 1.66 | — |
| Xnview | Xnview | 1.67 | — |
| Xnview | Xnview | 1.68 | — |
| Xnview | Xnview | 1.68.1 | — |
Showing 50 of 94 affected configurations. See NVD for the full list.
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2009-4001?
Integer overflow in XnView before 1.97.2 might allow remote attackers to execute arbitrary code via a DICOM image with crafted dimensions, leading to a heap-based buffer overflow.
How severe is CVE-2009-4001?
Severity scoring for CVE-2009-4001 is pending analysis. The EPSS model estimates a 4.61% probability of exploitation in the next 30 days.
How do I fix CVE-2009-4001?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2009-4001?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST