Xjp2.dll in XnView before 2.13 allows remote attackers to execute arbitrary code via (1) the Csiz parameter in a SIZ marker, which triggers an incorrect memory allocation, or (2) the lqcd field in a QCD marker in a crafted JPEG2000 file, which leads to a heap-based buffer overflow.
References
Link | Resource |
---|---|
http://newsgroup.xnview.com/viewtopic.php?f=35&t=29087 | Permissions Required Vendor Advisory |
http://secunia.com/advisories/52101 | Not Applicable Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: flexera
Published: 2020-01-02T19:11:40
Updated: 2020-01-02T19:11:40
Reserved: 2013-06-04T00:00:00
Link: CVE-2013-3941
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-01-02T20:15:14.457
Modified: 2020-01-08T19:35:55.607
Link: CVE-2013-3941
JSON object: View
Redhat Information
No data.
CWE