CVE-2021-28427: XnView 2.49.4 - XnView Software

A buffer overflow vulnerability in XnView version 2.49.3 allows local attackers to execute arbitrary code via a crafted TIFF file.

Dear user,

XnView 2.49.4 for Windows is available. Versions are available on the normal XnView Download page.

Please note that the XnView Download page offers packages with German/French Setup and German/French Online help.

Direct links to the English Standard version are:
http://download.xnview.com/XnView-win.exe (English Setup, Multi language)
http://download.xnview.com/XnView-win.zip (ZIP file, Multi language)

XnView Shell Extension 32bits:
http://download.xnview.com/XnShellEx.exe
http://download.xnview.com/XnShellEx.zip

XnView Shell Extension 64bits:
http://download.xnview.com/XnShellEx64.exe
http://download.xnview.com/XnShellEx64.zip

SHA256:
XnView-win.exe: 030E3E45C51A349A3417B52AD6F6547267F1AA6E86BF03BB13E49341AB9FAEB8
XnView-win.zip: 9E936FB7CD699019A2D1ADF795D6BB078A08686D95ACA0BEA482E0ECE5C72902
XnView-win-full.exe: 31E13FE27894610D27167ABB0503C6B109E00169D6F3E291BE6661D27953E1C6
XnView-win-full.zip: 646DE249CEB6E9C1736BC34217C36E720FD7E2FA25468B271A6DEC18707D4E3E
XnView-win-small.exe: 57E5DF33083C3F440CFA7E44ABE4403724679EEC7A1E57018A5B81A1748557FB
XnView-win-small.zip: 15DC199567011B41B616BB38DFF31771A9D3E65F1517FC2BEE2068DD69B479FE

____ 2.49.4 Changelog

* Ghostscript 9.53.x
* GPS & file date - viewtopic.php?f=56&t=40971
* TIFF Security vulnerability (Thanks to Michael Heinzl)
* NConvert: -levels2 - viewtopic.php?f=57&t=40490
* NConvert: -resize supports cm/mm/inches
* NConvert: -autodeskew fixed
* NConvert: -noholder to disable %$ chars - viewtopic.php?f=57&t=40820

____ 2.49.3 Changelog

* Convert 16 to 256 colors - viewtopic.php?f=36&t=39421
* Disable ESC to close tabs - viewtopic.php?f=35&t=17078
  [General] EscToCloseView=0
* Select file from search results & switching mode - viewtopic.php?f=34&t=40063
* Title empty when recurse - viewtopic.php?f=36&t=39979
* Resize - viewtopic.php?f=35&t=40248
* Slideshow: Order of files - viewtopic.php?f=56&t=40087
* Fortis Mag fix
* NConvert: -wmsize watermark percent size - viewtopic.php?f=57&t=38754
* NConvert: canvas size in inches/cm/mm - viewtopic.php?f=57&t=39361
* NConvert: replace_color - viewtopic.php?f=57&t=39769
* NConvert: -temperature added

____ 2.49.2 Changelog

* Problem with Ghostscript 9.50
* PDF font problem - viewtopic.php?f=36&t=39662
* CR3 - viewtopic.php?f=35&t=39478
* .sld must use ‘Recurse’ setting - viewtopic.php?f=35&t=39330
* GIF loop - viewtopic.php?f=36&t=31689
* PAM CMYK

____ 2.49.1 Changelog

* TIFF 16bits greyscale

____ 2.49 Changelog

* SQLite 3.29.0
* NConvert: greater_than/less_than condition - viewtopic.php?f=57&t=39147
* PSD: Error when writing metadata - viewtopic.php?f=57&t=39137
* Export - Problem with RGBA - viewtopic.php?f=36&t=39044
* Capture - viewtopic.php?f=36&t=38934
* Left/Right F11 to open fullscreen on Left/Right monitor
* Create multi file & folder with ‘.’ - viewtopic.php?f=36&t=39008
* # to comment line in .sld file
* Multipage create: Check if output filename exists
* Slideshow crash when using animated GIF - viewtopic.php?f=36&t=38902
* XIM format import added
* Change timestamp must not use 12h format - viewtopic.php?f=36&t=38702
* GIF not played correctly in Slideshow - viewtopic.php?f=34&t=38303
* CVE - https://github.com/apriorit/pentesting/ … ugs/xnview
* NConvert: -unsharp
* NConvert: -exposure - viewtopic.php?f=57&t=39136
* NConvert: -colorize h l s
* NConvert: Remove EXIF orientation -exif_rotation - viewtopic.php?f=57&t=38648
* [Rename]/TemplateStart, position of number in template - viewtopic.php?f=34&t=38568
* CVE-2019-12151
* ShellEx: ‘Convert…’ & input fields

____ 2.48 Changelog

* RGB inverted when printing 8bits cmap picture from browser
* WebP 32bits
* PDF Multipage create - viewtopic.php?f=35&t=38030

____ 2.47 Changelog

* XCF 2.10
* ICNS with JPEG2000 icon
* GIF loop & Quick slideshow - viewtopic.php?f=36&t=31689
* Problem with local charset for image description EXIF field
* [Start]/BugBlueLine=1 to remove the bug of blue line
* PDF output without font info - viewtopic.php?f=35&t=38030
* Space must not show tagbox if not enabled
* NConvert: -no_auto_rotate - viewtopic.php?f=57&t=38239
* NConvert: -autocrop with position
* NConvert: add -lower to lower case output filename
* NConvert: Bug when output filename contains a numeric enumerator - viewtopic.php?f=57&t=38014

____ 2.46 Changelog

* JPEG2000 YCC - viewtopic.php?f=35&t=37806
* Bad loading for ARW - viewtopic.php?f=36&t=37683
* TIFF with JPEG compression - viewtopic.php?f=35&t=37585
* Adjust dialog clipped - viewtopic.php?f=36&t=32011
* PDF version 1.4 output
* Sqlite 2.24.0
* RLE & ICO vulnerabilities Cody Sixteen from STM Solutions
* NConvert: stdout problem on windows - viewtopic.php?f=57&t=37810

____ 2.45 Changelog

* License written in HKCU
* Support HPI with transparency
* Shows dots under certain conditions - viewtopic.php?f=36&t=37447
* Resize - viewtopic.php?f=36&t=37451
* Blue bar - viewtopic.php?f=36&t=36278
* Resize dialog crash with ^^ - viewtopic.php?f=36&t=36644
* Parameters & External program - viewtopic.php?f=35&t=15465

____ 2.44 Changelog

* Monitor power off during slideshow
* Color profile not used Browser>Print - viewtopic.php?f=36&t=36833
* -filelist doesn’t work anymore
* Tile child window - viewtopic.php?f=56&t=36527
* Strange colors on grey image - viewtopic.php?f=35&t=36485
* UTF8 Exif Image Description

____ 2.43 Changelog

* Better HEIF support - http://www.xnview.com/download/plugins/heif_x32.zip
* Unwanted file types shown in Viewer - viewtopic.php?f=36&t=35484
  FileListUseExt=1
* Alpha glitch - viewtopic.php?f=36&t=36454
* Folder browsing via command line - viewtopic.php?f=36&t=36434
* Lossless crop corruption - viewtopic.php?f=36&t=36378

____ 2.42 Changelog

* HEIF support - Extract http://www.xnview.com/download/plugins/heif_x32.zip in Plugins folder

____ 2.41 Changelog

* Basic support for unicode filename
* 2Gb limitation on 64bits OS - http://newsgroup.xnview.com/viewtopic.php?f=36&t=35165
* Displaying RGBA image without use alpha - http://newsgroup.xnview.com/viewtopic.php?f=36&t=35809
* Print TIFF with orientation flag in browser - http://newsgroup.xnview.com/viewtopic.php?f=36&t=36197
* GIF loop not saved in .sld - http://newsgroup.xnview.com/viewtopic.php?f=35&t=35991
* Clip support - http://newsgroup.xnview.com/viewtopic.php?f=34&t=28554
* Slideshow crash on RAW files - http://newsgroup.xnview.com/viewtopic.php?f=36&t=34632
* TIF > 2GB & multipage - http://newsgroup.xnview.com/viewtopic.php?f=79&t=35056
* RGBA printing
* Thumbnails upscaling - http://newsgroup.xnview.com/viewtopic.php?f=35&t=36090
* NConvert: -keepdocsize fixed
* NConvert: -shadow - http://newsgroup.xnview.com/viewtopic.php?f=57&t=36163
* NConvert: -align - http://newsgroup.xnview.com/viewtopic.php?f=57&t=36164

____ 2.40 Changelog

* CMYK image default color profile - http://newsgroup.xnview.com/viewtopic.php?f=35&t=31685
  http://newsgroup.xnview.com/viewtopic.php?f=35&t=28839
* RGBA resize (bilinear) - http://newsgroup.xnview.com/viewtopic.php?f=36&t=33425
  http://newsgroup.xnview.com/viewtopic.php?t=29238
  http://newsgroup.xnview.com/viewtopic.php?t=34493
* Ctrl+RMB to copy color - http://newsgroup.xnview.com/viewtopic.php?p=141793
* Capture rectangle on second monitor - http://newsgroup.xnview.com/viewtopic.php?f=56&t=32892
* Print 50+ via command line - http://newsgroup.xnview.com/viewtopic.php?f=35&t=35350
* Filelist to print - http://newsgroup.xnview.com/viewtopic.php?f=34&t=35378
* LIBPNG 1.6.29
* SQLite 3.18.0
* ZLIB 1.2.11
* LCMS 2.8
* BMP 2+10+10+10 - http://newsgroup.xnview.com/viewtopic.php?f=36&t=32577
* Category removed if delete file - http://newsgroup.xnview.com/viewtopic.p … 2&start=15
* Category moved with Cut/Paste
* 8BF & undo - http://newsgroup.xnview.com/viewtopic.php?f=36&t=34508
* ‘Purge Now’ - http://newsgroup.xnview.com/viewtopic.php?f=34&t=32667
* OpenEXR updated - http://newsgroup.xnview.com/viewtopic.php?f=36&t=33039
* Resize gamma correction - http://newsgroup.xnview.com/viewtopic.php?f=34&t=33273
* Change timestamp & DST - http://newsgroup.xnview.com/viewtopic.php?f=36&t=33483
* Selection + Tab - http://newsgroup.xnview.com/viewtopic.php?f=36&t=33983
* GIF loop - http://newsgroup.xnview.com/viewtopic.php?f=35&t=34036
* PAM format - http://newsgroup.xnview.com/viewtopic.php?f=36&t=35132
* JPEG 2000 - http://newsgroup.xnview.com/viewtopic.php?f=36&t=35277
* Maximize on first monitor - http://newsgroup.xnview.com/viewtopic.php?f=36&t=32343
* Resize default size - http://newsgroup.xnview.com/viewtopic.php?f=34&t=33694
* PEF for thumbnail’s folder - http://newsgroup.xnview.com/viewtopic.php?f=35&t=35363
* Cancel removed from Setup wizard - http://newsgroup.xnview.com/viewtopic.php?f=34&t=32958
* Previous/Next file & RecognizeByExt == false - http://newsgroup.xnview.com/viewtopic.php?f=36&t=33127
* Next/Previous & video - http://newsgroup.xnview.com/viewtopic.php?f=36&t=35182
* Better dialog for update - http://newsgroup.xnview.com/viewtopic.php?f=34&t=19950
* WebP plugin updated
* OpenJPEG2000 updated
* RIOT addon updated
* PNGOUT updated
* X3F with only embedded JPEG
* NConvert: text with -text_rotation - http://newsgroup.xnview.com/viewtopic.php?f=57&t=35441
* NConvert: -text_border added

____ 2.39 Changelog

* no IPTC fields in tooltip/info
* Thumbnail for blend file

____ 2.38 Changelog

* Sort by exif - http://newsgroup.xnview.com/viewtopic.php?f=36&t=32387
* Zooming instead file navigation - http://newsgroup.xnview.com/viewtopic.php?f=36&t=33917

____ 2.37 Changelog

* Better HiDPI support
* Change timestamp and video
* GPS direction - http://newsgroup.xnview.com/viewtopic.php?f=35&t=33587
* Right click (make selection) and delete - http://newsgroup.xnview.com/viewtopic.php?f=36&t=33700
* NConvert: Multipage extract - http://newsgroup.xnview.com/viewtopic.php?f=57&t=33879

____ 2.36 Changelog

* FLIF format added
* SVG support via rsvg-convert.exe - http://newsgroup.xnview.com/viewtopic.php?f=34&t=31748
* Search similar & extension - http://newsgroup.xnview.com/viewtopic.php?f=56&t=32840
* Multipage save doesn’t use read settings
* PCT crash - http://newsgroup.xnview.com/viewtopic.php?f=36&t=33025
* NConvert: -t start step for number in output name

____ 2.35 Changelog

* #THUMB_WIDTH_MAX# & #THUMB_HEIGHT_MAX# - http://newsgroup.xnview.com/viewtopic.php?f=34&t=30652
* JPEGXR
* Backspace not working in fullscreen
* LibPNG 1.6.20
* ZIPPack Addon - http://newsgroup.xnview.com/viewtopic.php?f=35&t=31563

Pierre.
