7.8

CVE-2013-3939

EPSS 1.01%
Veröffentlicht 02.01.2020 20:15:14
Zuletzt bearbeitet 21.11.2024 01:54:34
Quelle PSIRT-CNA@flexerasoftware.com
Teams Watchlist Login
Unerledigt Login

xnview.exe in XnView before 2.13 does not properly handle RLE strip lengths during processing of RGB files, which allows remote attackers to execute arbitrary code via the RLE strip size field in a RGB file, which leads to an unexpected sign extension error and a heap-based buffer overflow.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Xnview ≫ Xnview Version < 2.13

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.01%	0.75

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://newsgroup.xnview.com/viewtopic.php?f=35&t=29087

Vendor Advisory

Permissions Required

http://secunia.com/advisories/52101

Vendor Advisory

Not Applicable

https://nvd.nist.gov/vuln/detail/CVE-2013-3939

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-3939

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-3939

EUVD