Cyber Resilience

CVE-2024-22532

Severity: Medium · Public PoC

Published: 28 February 2024

Published: 28 February 2024
Modified: 13 May 2025
KEV Added: not listed
Patch: none referenced
CVSS Score v3.1: 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
EPSS Score: 0.0512 (90.1st percentile)
Risk Priority: 16 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-22532 is a medium-severity heap-based buffer overflow (CWE-122) in XnView NConvert. Its CVSS base score is 6.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE ranks in the top 9.9% of CVEs by exploit likelihood (EPSS), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

Deeper analysis

CVE-2024-22532 is a heap-based buffer overflow, tracked as CWE-122, affecting XNSoft NConvert version 7.163 on Windows x86. The flaw resides in the application's handling of XWD image files. It carries a CVSS 3.1 score of 6.5, reflecting a network-reachable attack vector with low attack complexity, no authentication required, and user interaction needed to trigger a denial-of-service condition; the impact is high on availability and none on confidentiality or integrity.

An unauthenticated attacker can exploit the issue by supplying a specially crafted XWD file that the victim opens in NConvert. Successful exploitation crashes and terminates the application, denying service to legitimate users while leaving confidentiality and integrity unaffected.

The two reference URLs point to the same GitHub repository containing proof-of-concept material; the available references provide no vendor advisory, patch information, or mitigation guidance. The associated EPSS score has remained low, moving only from 0.0512 to a peak of 0.0556.

EU & UK References

Vulnerability details

Buffer overflow vulnerability in XNSoft NConvert 7.163 (for Windows x86) allows attackers to cause a denial of service via a crafted XWD file.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques

T1203 Exploitation for Client Execution (Execution): Adversaries may exploit software vulnerabilities in client applications to execute code.
T1499.004 Application or System Exploitation (Impact): Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

A heap-based buffer overflow in NConvert/XnView triggered by a crafted XWD file enables remote code execution (T1203: Exploitation for Client Execution) and denial of service (T1499.004: Application or System Exploitation).

Affected Assets

Vendor: xnview
Product: nconvert
Version: 7.136

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References