Multiple vulnerabilities have been discovered in XnView, which can be exploited by malicious people to compromise a user's system.

1) An error in the JPEG2000 plug-in (Xjp2.dll) when processing the Quantization Default (QCD) marker segment can be exploited to cause a heap-based buffer overflow via a specially crafted JPEG2000 (JP2) file.

This may be related to vulnerability #3:
SA47175

2) An error when processing RGBQUAD structures from a ICO file can be exploited to cause a heap-based buffer overflow via specially crafted height, width, and bits per pixel values.

3) An error when loading image data from a PCX file can be exploited to cause a heap-based buffer overflow via specially crafted bits per pixel and image dimension values.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code, but requires tricking a user into opening a malicious file.

The vulnerabilities are confirmed in version 1.98.5 and 1.99. Other versions may also be affected.

Solution
Upgrade to version 2.00.

Provided and/or discovered by
1) Parvez Anwar via Secunia
2, 3) Luigi Auriemma

Changelog
Further details available to Secunia VIM customers

Original Advisory
XnView:
http://newsgroup.xnview.com/viewtopic.php?f=35&t=27814

Luigi Auriemma:
http://aluigi.altervista.org/adv/xnview_1-adv.txt

Other references
Further details available to Secunia VIM customers

Deep Links
Links available to Secunia VIM customers