Xjp2.dll in XnView before 2.13 allows remote attackers to execute arbitrary code via (1) the Csiz parameter in a SIZ marker, which triggers an incorrect memory allocation, or (2) the lqcd field in a QCD marker in a crafted JPEG2000 file, which leads to a heap-based buffer overflow.
References
Link | Resource |
---|---|
http://newsgroup.xnview.com/viewtopic.php?f=35&t=29087 | Permissions Required Vendor Advisory |
http://secunia.com/advisories/52101 | Not Applicable Third Party Advisory |
Configurations
Information
Published : 2020-01-02 12:15
Updated : 2020-01-08 11:35
NVD link : CVE-2013-3941
Mitre link : CVE-2013-3941
JSON object : View
CWE
CWE-787
Out-of-bounds Write
Products Affected
xnview
- xnview