CVE-2013-3939

xnview.exe in XnView before 2.13 does not properly handle RLE strip lengths during processing of RGB files, which allows remote attackers to execute arbitrary code via the RLE strip size field in a RGB file, which leads to an unexpected sign extension error and a heap-based buffer overflow.
References
Link Resource
http://newsgroup.xnview.com/viewtopic.php?f=35&t=29087 Permissions Required Vendor Advisory
http://secunia.com/advisories/52101 Not Applicable Vendor Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:xnview:xnview:*:*:*:*:*:*:*:*

Information

Published : 2020-01-02 12:15

Updated : 2020-01-15 06:16


NVD link : CVE-2013-3939

Mitre link : CVE-2013-3939


JSON object : View

CWE
CWE-787

Out-of-bounds Write

Advertisement

dedicated server usa

Products Affected

xnview

  • xnview