Description
XnSoft NConvert 7.230 is vulnerable to Stack Buffer Overrun via a crafted .tiff file.
Published: 2026-03-23
Score: 6.2 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Code Execution
Action: Immediate Patch
AI Analysis

Impact

This flaw is a stack buffer overrun that can be triggered by processing a specially crafted TIFF file. The overflow can overwrite control data on the stack, potentially allowing the attacker to execute arbitrary code in the context of the application. While the description does not state the full extent of the damage, buffer overflows of this type typically enable reliable code execution once the overwrite is successful.

Affected Systems

The vulnerability affects the XnView NConvert utility, specifically version 7.230. It is available for the platforms supported by XnView, including Windows and macOS.

Risk and Exploitability

The CVSS score of 6.2 indicates a moderate severity, and the EPSS score of less than 1% suggests a low likelihood of widespread exploitation at present. The attack requires a victim to run NConvert on a file crafted by an attacker, implying a local or user‑initiated exploitation scenario rather than an automated remote attack. The vulnerability is not listed in the CISA KEV catalog, further indicating that there are no known widespread exploit attempts documented.

Generated by OpenCVE AI on March 26, 2026 at 17:01 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update XnView NConvert to the latest available version (provisionally 7.231 or later).
  • Confirm that the installed version reflects the update.
  • If an update is not immediately available, avoid processing any untrusted TIFF files with NConvert until a patched version is released.

Generated by OpenCVE AI on March 26, 2026 at 17:01 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 27 Mar 2026 09:30:00 +0000

Type Values Removed Values Added
Title Stack Buffer Overrun in XnSoft NConvert via Crafted TIFF

Thu, 26 Mar 2026 15:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:xnview:nconvert:7.230:*:*:*:*:*:*:*

Wed, 25 Mar 2026 15:00:00 +0000

Type Values Removed Values Added
Title Stack Buffer Overrun in XnSoft NConvert via Crafted TIFF

Tue, 24 Mar 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Xnview
Xnview nconvert
Vendors & Products Xnview
Xnview nconvert

Mon, 23 Mar 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 23 Mar 2026 17:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-120
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Mon, 23 Mar 2026 17:00:00 +0000

Type Values Removed Values Added
Description XnSoft NConvert 7.230 is vulnerable to Stack Buffer Overrun via a crafted .tiff file.
References

Subscriptions

Xnview Nconvert
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-23T17:08:13.748Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-30006

cve-icon Vulnrichment

Updated: 2026-03-23T17:08:09.718Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-23T17:16:48.907

Modified: 2026-03-26T15:27:42.147

Link: CVE-2026-30006

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-27T09:21:25Z

Weaknesses