The host is installed with XnView before 1.99 and is prone to heap-based buffer overflow vulnerability. A flaw is present in the application, which fails to handle a crafted ImageLeftPosition value in an ImageDescriptor structure in a GIF image. Successful exploitation allows remote attackers to cause a denial of service.