Does CVE-2017-9900 Affect only XnView Classic?

Ask for help and post your question on how to use XnView MP.

Moderators: XnTriq, helmut, xnview

marsianoz13
Posts: 4
Joined: Mon Oct 21, 2024 1:34 pm

Does CVE-2017-9900 Affect only XnView Classic?

Post by marsianoz13 »

Hi Support,

Would like to confirm if CVE-2017-9900 only affects XnView Classic for Windows Version 2.40 and below? What is the fix version? Would like to confirm. I work for Rapid7 and support our IVM product. We are a vulnerability management security application and would like to confirm the ranges of this vulnerability. Our customer and engineering did try via email but either no response or response isn't clear. Any help would be great to improve our product and reduce the False Positives.

Thanks,
User avatar
xnview
Author of XnView
Posts: 44943
Joined: Mon Oct 13, 2003 7:31 am
Location: France

Re: Does CVE-2017-9900 Affect only XnView Classic?

Post by xnview »

The detail of this CVE is no more available, so we can't answer
Pierre.
marsianoz13
Posts: 4
Joined: Mon Oct 21, 2024 1:34 pm

Re: Does CVE-2017-9900 Affect only XnView Classic?

Post by marsianoz13 »

Not sure that I understand your response. What do you mean? If you look here:

https://nvd.nist.gov/vuln/detail/CVE-2017-9900

That is still public facing. Just need help verifying. Please!
User avatar
xnview
Author of XnView
Posts: 44943
Joined: Mon Oct 13, 2003 7:31 am
Location: France

Re: Does CVE-2017-9900 Affect only XnView Classic?

Post by xnview »

the detail url is not available https://github.com/wlinzi/security_advi ... -2017-9900

I think that this CVE is fixed in latest version of XnView Classic
Pierre.
marsianoz13
Posts: 4
Joined: Mon Oct 21, 2024 1:34 pm

Re: Does CVE-2017-9900 Affect only XnView Classic?

Post by marsianoz13 »

Would that be the 2.51.7? Would like to get confirmation so we can update our checks. :D
User avatar
xnview
Author of XnView
Posts: 44943
Joined: Mon Oct 13, 2003 7:31 am
Location: France

Re: Does CVE-2017-9900 Affect only XnView Classic?

Post by xnview »

marsianoz13 wrote: Wed Oct 23, 2024 12:37 pm Would that be the 2.51.7? Would like to get confirmation so we can update our checks. :D
yes all CVE from this author
Pierre.
marsianoz13
Posts: 4
Joined: Mon Oct 21, 2024 1:34 pm

Re: Does CVE-2017-9900 Affect only XnView Classic?

Post by marsianoz13 »

Hi Pierre,

We really need your help. Can you get confirmation which exact version of XnView Classic resolves this CVE-2017-9900. We want to adjust our checks. Without confirmation of the exact version, we aren't able to make changes. Can you check with your internal teams? If your confident that 2.51.7 resolves this, let me know.

Thanks,
User avatar
xnview
Author of XnView
Posts: 44943
Joined: Mon Oct 13, 2003 7:31 am
Location: France

Re: Does CVE-2017-9900 Affect only XnView Classic?

Post by xnview »

I think that all CVE from this author has been fixed in 2.51.7, but details of CVE are no more available so not easy to confirm
Pierre.