{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-30007", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-23T17:09:36.890Z", "dateReserved": "2026-03-04T00:00:00.000Z", "datePublished": "2026-03-23T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-23T16:37:17.573Z"}, "descriptions": [{"lang": "en", "value": "XnSoft NConvert 7.230 is vulnerable to Use-After-Free via a crafted .tiff file"}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.xnview.com/en/nconvert/"}, {"url": "https://github.com/PassMoon/Nconvert_Vul_7.230"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-416", "lang": "en", "description": "CWE-416 Use After Free"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-23T17:09:14.227569Z", "id": "CVE-2026-30007", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T17:09:36.890Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-30007", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-23T17:09:14.227569Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T17:09:29.681Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://www.xnview.com/en/nconvert/"}, {"url": "https://github.com/PassMoon/Nconvert_Vul_7.230"}], "descriptions": [{"lang": "en", "value": "XnSoft NConvert 7.230 is vulnerable to Use-After-Free via a crafted .tiff file"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-23T16:37:17.573Z"}}}, "cveMetadata": {"cveId": "CVE-2026-30007", "state": "PUBLISHED", "dateUpdated": "2026-03-23T17:09:36.890Z", "dateReserved": "2026-03-04T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-23T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xnview:nconvert:7.230:*:*:*:*:*:*:*", "matchCriteriaId": "30064642-A265-4EC4-A5A1-C4A099E7FF26", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "XnSoft NConvert 7.230 is vulnerable to Use-After-Free via a crafted .tiff file"}, {"lang": "es", "value": "XnSoft NConvert 7.230 es vulnerable a uso despu\u00e9s de liberaci\u00f3n a trav\u00e9s de un archivo .tiff manipulado."}], "id": "CVE-2026-30007", "lastModified": "2026-03-26T15:30:13.473", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-23T17:16:49.083", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/PassMoon/Nconvert_Vul_7.230"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://www.xnview.com/en/nconvert/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "7.230"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "nconvert", "vendor": "xnsoft"}], "analysis": {"en": {"generated_at": "2026-03-23T18:51:01.497070+00:00", "value": {"mitigation_remediation": ["Apply the latest patch from XnSoft that fixes the use-After-Free flaw in NConvert 7.230.", "Until a patch is available, avoid running NConvert on unknown or untrusted TIFF files.", "Monitor XnSoft's website or security advisories for updates related to this vulnerability."], "summary": {"action": "Apply Patch", "impact": "Use-After-Free vulnerability in NConvert 7.230"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the XnSoft NConvert image-conversion utility, version 7.230. No other versions or products are noted as affected.", "description_and_impact": "XnSoft NConvert 7.230 contains a use-After-Free flaw that can be triggered by supplying a specially crafted .tiff file. When the flaw is exploited the program may attempt to access memory that has already been freed, leading to undefined behavior such as application crashes.", "risk_and_exploitability": "The CVSS score of 6.2 indicates medium severity. No EPSS score is available and the issue is not listed in the CISA KEV catalog. The likely attack vector is local file input \u2013 an attacker would need to provide a malicious .tiff file to NConvert, either directly or via a file distribution mechanism."}}}}, "created": "2026-03-24T10:35:00.461811+00:00", "title": "Use-After-Free Vulnerability in XnSoft NConvert 7.230 via Crafted TIFF File", "updated": "2026-03-25T14:50:08.392608+00:00", "vendors": ["xnsoft", "xnsoft$PRODUCT$nconvert"]}