Vulnerability CVE-2013-3939


Published: 2020-01-02

Description:
xnview.exe in XnView before 2.13 does not properly handle RLE strip lengths during processing of RGB files. This allows remote attackers to execute arbitrary code via the RLE strip size field in an RGB file, which leads to an unexpected sign extension error and a heap-based buffer overflow.

Type:

CWE-787

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10

Exploit range: Remote
Attack complexity: Medium
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software:
Xnview -> Xnview

References:
http://newsgroup.xnview.com/viewtopic.php?f=35&t=29087
http://secunia.com/advisories/52101

Copyright 2024, cxsecurity.com
