Primary

Context

XnSoft NConvert Use-After-Free Vulnerability in TIFF File Processing

Vulnerability

A use-after-free vulnerability has been identified in XnSoft NConvert version 7.230. This issue arises when the application processes a crafted TIFF file, leading to a potential denial-of-service condition.

Impact

Exploitation of this vulnerability causes a denial-of-service condition, where the application may crash or become unresponsive.

Reproduction

The vulnerability can be reproduced by using the command-line option '-out tiff' with a crafted TIFF file named 'id_000002_00'. This command will trigger the use-after-free condition while processing the file.

Added: Mar 23, 2026, 5:25 PM

Updated: Mar 23, 2026, 5:25 PM

Vulnerability Rating

Custom Algorithm

spread

4.2

impact

2.5

exploitability

5.6

remediation

0.0

relevance

4.6

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.2

impact

2.5

exploitability

5.6

remediation

0.0

relevance

4.6

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

XnSoft NConvert Use-After-Free Vulnerability in TIFF File Processing

Vulnerability

Impact

Reproduction

Affected Products

XnSoft NConvert

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating