7.8

CVE-2013-3939

EPSS 1.01%
Published 02.01.2020 20:15:14
Last modified 21.11.2024 01:54:34
Source PSIRT-CNA@flexerasoftware.com
Teams watchlist Login
Open Login

xnview.exe in XnView before 2.13 does not properly handle RLE strip lengths during processing of RGB files, which allows remote attackers to execute arbitrary code via the RLE strip size field in a RGB file, which leads to an unexpected sign extension error and a heap-based buffer overflow.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Xnview ≫ Xnview Version < 2.13

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.01%	0.75

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://newsgroup.xnview.com/viewtopic.php?f=35&t=29087

Vendor Advisory

Permissions Required

http://secunia.com/advisories/52101

Vendor Advisory

Not Applicable

https://nvd.nist.gov/vuln/detail/CVE-2013-3939

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-3939

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-3939

EUVD