xnview.exe in XnView before 2.13 does not properly handle RLE strip lengths during processing of RGB files, which allows remote attackers to execute arbitrary code via the RLE strip size field in a RGB file, which leads to an unexpected sign extension error and a heap-based buffer overflow.
References
Link | Resource |
---|---|
http://newsgroup.xnview.com/viewtopic.php?f=35&t=29087 | Permissions Required Vendor Advisory |
http://secunia.com/advisories/52101 | Not Applicable Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: flexera
Published: 2020-01-02T19:11:43
Updated: 2020-01-02T19:11:43
Reserved: 2013-06-04T00:00:00
Link: CVE-2013-3939
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-01-02T20:15:14.053
Modified: 2020-01-15T14:16:37.237
Link: CVE-2013-3939
JSON object: View
Redhat Information
No data.
CWE