CVE-2024-22532
Published: 28 February 2024
Summary
CVE-2024-22532 is a medium-severity heap-based buffer overflow (CWE-122) vulnerability in XnView NConvert. Its CVSS base score is 6.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE is ranked in the top 9.9% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
Deeper analysis
CVE-2024-22532 is a heap-based buffer overflow vulnerability, tracked as CWE-122, that affects XNSoft NConvert version 7.163 on Windows x86. The flaw resides in the application's handling of XWD image files and carries a CVSS 3.1 score of 6.5, reflecting a network-reachable vector with low attack complexity and no authentication, where user interaction is required to trigger a denial-of-service condition with high availability impact.
An unauthenticated attacker can exploit the issue by supplying a specially crafted XWD file that the victim opens in NConvert. Successful exploitation results in a crash that terminates the application, thereby denying service to legitimate users while leaving confidentiality and integrity unaffected.
The two reference URLs point to the same GitHub repository containing proof-of-concept material; no vendor advisory, patch information, or mitigation guidance is provided in the available references. The associated EPSS score has remained low, moving only from 0.0512 to a peak of 0.0556.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-20069
Vulnerability details
Buffer Overflow vulnerability in XNSoft NConvert 7.163 (for Windows x86) allows attackers to cause a denial of service via crafted xwd file.
- CWE(s): CWE-122
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Heap-based buffer overflow in NConvert/XnView via crafted XWD file enables remote code execution (T1203: Exploitation for Client Execution) and denial of service (T1499.004: Application or System Exploitation).