XNView MP 1.6.4 - Vulnerability in OpenSSL 1.1.1 - CVE-2021-3711

Older bugs which are supposed to be fixed in 0.84. *** Please try to reproduce your bug and confirm the bug fix. ***

Moderators: XnTriq, helmut, xnview, Dreamer

z8mail
Posts: 1
Joined: Thu Feb 15, 2024 12:38 pm

XNView MP 1.6.4 - Vulnerability in OpenSSL 1.1.1 - CVE-2021-3711

Post by z8mail »

Hello,

The library “The OpenSSL Toolkit” used by XNView MP 1.6.4 has a critical vulnerability (rating 9.8):
Vulnerability in OpenSSL 1.1.1 up to 1.1.1k (CVE-2021-3711)
CVE-2021-3711
https://cve.mitre.org/cgi-bin/cvename.c ... -2021-3711

The vulnerability is in the file used:
C:\Program Files\XnViewMP\libssl-1_1-x64.dll

Please provide an update.

Kind regards,

z8mail
User avatar
xnview
Author of XnView
Posts: 43833
Joined: Mon Oct 13, 2003 7:31 am
Location: France

Re: XNView MP 1.6.4 - Vulnerability in OpenSSL 1.1.1 - CVE-2021-3711

Post by xnview »

:bugconfirmed: Thanks to your detailed description I can reproduce the problem.
Pierre.
User avatar
xnview
Author of XnView
Posts: 43833
Joined: Mon Oct 13, 2003 7:31 am
Location: France

Re: XNView MP 1.6.4 - Vulnerability in OpenSSL 1.1.1 - CVE-2021-3711

Post by xnview »

This problem is supposed to be fixed in XnView MP 1.7.0. Please check and confirm the bug fix here.
Pierre.