Full Disclosure mailing list archives

XNSoft Nconvert 7.136 - Multiple Vulnerabilities

============================================================================
===

 

Identifiers

-------------------------------------------------

1. CVE-2023-43250

2. CVE-2023-43251

3. CVE-2023-43252

 

 

CVSSv3.1 score

-------------------------------------------------

1. CVE-2023-43250: 7.8 -
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:N/U
I:R/S:U/C:H/I:H/A:H&version=3.1

2. CVE-2023-43251: 7.8 -
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:N/U
I:R/S:U/C:H/I:H/A:H&version=3.1

3. CVE-2023-43252: 7.8 -
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:N/U
I:R/S:U/C:H/I:H/A:H&version=3.1

 

 

Vendor

-------------------------------------------------

XnSoft - https://www.xnview.com/en/nconvert/

 

 

Product

-------------------------------------------------

NConvert is a powerful command line multi-platform batch image processor
with more than 80 commands. Compatible with 500 image formats. 

 

 

Affected versions

-------------------------------------------------

All versions prior to NConvert 7.155 for Windows.

 

 

Credit

-------------------------------------------------

Michele Toccagni - toccagni.info

 

 

Vulnerability summary

-------------------------------------------------

1. CVE-2023-43250: XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow.
There is a User Mode Write AV via a crafted image file. Attackers could
exploit this issue for a Denial of Service (DoS) or possibly to achieve code
execution.

2. CVE-2023-43251: XNSoft Nconvert 7.136 has an Exception Handler Chain
Corrupted via a crafted image file. Attackers could exploit this issue for a
Denial of Service (DoS) or possibly to achieve code execution.

3. CVE-2023-43252: XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow
via a crafted image file. Attackers could exploit this issue for a Denial of
Service (DoS) or possibly to achieve code execution.

 

 

Proof of concept

-------------------------------------------------

1. CVE-2023-43250:
https://github.com/mrtouch93/exploits/tree/main/NConvert7.136/User%20Mode%20
Write%20AV

2. CVE-2023-43251:
https://github.com/mrtouch93/exploits/tree/main/NConvert7.136/SEH

3. CVE-2023-43252:
https://github.com/mrtouch93/exploits/tree/main/NConvert7.136/Stack%20Buffer
%20Overrun

 

Solution

-------------------------------------------------

Upgrade to NConvert 7.155.

 

Timeline

-------------------------------------------------

Date              | Status

-----------------|---------------------

21-JUL-2023 | Reported to vendor

22-JUL-2023 | Vendor asked for details

22-JUL-2023 | Details sent to the vendor

08-SEP-2023 | Vulnerabilities fixed

12-SEP-2023 | Public Disclosure

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/

Current thread:

• XNSoft Nconvert 7.136 - Multiple Vulnerabilities michele (Oct 16)