CVE-2026-30007 | XnSoft NConvert 7.230 use after free

VDB-352552 · CVE-2026-30007 · EUVD-2026-14469 XNSOFT NCONVERT 7.230 USE AFTER FREE HISTORYDIFFRELATEJSONXMLCTI CVSS Meta Temp Score Current Exploit Price (≈) CTI Interest Score 4.7 $0-$5k 2.69+ Summaryinfo A vulnerability was found in XnSoft NConvert 7.230 and classified as critical. This affects an unknown part. Executing a manipulation can lead to use after free. This vulnerability is tracked as CVE-2026-30007. The attack is restricted to local execution. No exploit exists. Detailsinfo A vulnerability has been found in XnSoft NConvert 7.230 and classified as problematic. This vulnerability affects an unknown code. The manipulation with an unknown input leads to a use after free vulnerability. The CWE definition for the vulnerability is CWE-416. Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code. As an impact it is known to affect availability. CVE summarizes: XnSoft NConvert 7.230 is vulnerable to Use-After-Free via a crafted .tiff file The advisory is shared for download at xnview.com. This vulnerability was named CVE-2026-30007 since 03/04/2026. The exploitation appears to be easy. The attack needs to be approached locally. There are neither technical details nor an exploit publicly available. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product. The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2026-14469). Productinfo Vendor XnSoft Name NConvert Version 7.230 CPE 2.3info 🔒 CPE 2.2info 🔒 CVSSv4info VulDB Vector: 🔒 VulDB Reliability: 🔍 CVSSv3info VulDB Meta Base Score: 4.7 VulDB Meta Temp Score: 4.7 VulDB Base Score: 3.3 VulDB Temp Score: 3.3 VulDB Vector: 🔒 VulDB Reliability: 🔍 ADP CISA Base Score: 6.2 ADP CISA Vector: 🔒 CVSSv2info Vector Complexity Authentication Confidentiality Integrity Availability Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock VulDB Base Score: 🔒 VulDB Temp Score: 🔒 VulDB Reliability: 🔍 Exploitinginfo Class: Use after free CWE: CWE-416 / CWE-119 CAPEC: 🔒 ATT&CK: 🔒 Physical: Partially Local: Yes Remote: No Availability: 🔒 Status: Not defined Price Prediction: 🔍 Current Price Estimation: 🔒 0-Day Unlock Unlock Unlock Unlock Today Unlock Unlock Unlock Unlock Threat Intelligenceinfo Interest: 🔍 Active Actors: 🔍 Active APT Groups: 🔍 Countermeasuresinfo Recommended: no mitigation known Status: 🔍 0-Day Time: 🔒 Timelineinfo 03/04/2026 CVE reserved 03/23/2026 +19 days Advisory disclosed 03/23/2026 +0 days VulDB entry created 03/23/2026 +0 days VulDB entry last update Sourcesinfo Advisory: xnview.com Status: Not defined CVE: CVE-2026-30007 (🔒) GCVE (CVE): GCVE-0-2026-30007 GCVE (VulDB): GCVE-100-352552 EUVD: 🔒 Entryinfo Created: 03/23/2026 18:49 Updated: 03/23/2026 20:49 Changes: 03/23/2026 18:49 (61), 03/23/2026 20:49 (1) Complete: 🔍 Cache ID: 99:C60:101 Discussion No comments yet. Languages: en. Please log in to comment. ◂ PreviousOverviewNext ▸