CVE-2013-2577

XnView <2.04 - RCE

Title source: llm

Description

Buffer overflow in XnView before 2.04 allows remote attackers to execute arbitrary code via a crafted PCT file.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Core Security · textdoswindows

https://www.exploit-db.com/exploits/27049

View Code ZIP pw:eip

References (8)

[Exploit] http://archives.neohapsis.com/archives/bugtraq/2013-07/0153.html

[Patch] http://newsgroup.xnview.com/viewtopic.php?f=35&t=28400

[Vendor Advisory] http://secunia.com/advisories/54174

[Exploit] http://www.coresecurity.com/advisories/xnview-buffer-overflow-vulnerability

[Exploit] http://www.exploit-db.com/exploits/27049

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/85919

[Third Party Advisory, VDB Entry] http://osvdb.org/95580

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1028817

Scores

EPSS 0.3179

EPSS Percentile 96.7%

Classification

CWE

CWE-119

Status draft

Affected Products (50)

xnview/xnview

xnview/xnview < 2.03

xnview/xnview

xnview/xnview

xnview/xnview

xnview/xnview

xnview/xnview

xnview/xnview

xnview/xnview

xnview/xnview

xnview/xnview

xnview/xnview

xnview/xnview

xnview/xnview

xnview/xnview

... and 35 more

Timeline

Published Aug 09, 2013

Tracked Since Feb 18, 2026