CVE-2013-3939

EUVD-2013-3871
xnview.exe in XnView before 2.13 does not properly handle RLE strip lengths during processing of RGB files, which allows remote attackers to execute arbitrary code via the RLE strip size field in a RGB file, which leads to an unexpected sign extension error and a heap-based buffer overflow.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 76%
Affected Products (NVD)
VendorProductVersion
xnviewxnview
𝑥
< 2.13
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://newsgroup.xnview.com/viewtopic.php?f=35&t=29087
http://secunia.com/advisories/52101
http://newsgroup.xnview.com/viewtopic.php?f=35&t=29087
http://secunia.com/advisories/52101