CVE-2013-3939

HIGH

Xnview < 2.13 - Out-of-Bounds Write

Title source: rule

Description

xnview.exe in XnView before 2.13 does not properly handle RLE strip lengths during processing of RGB files, which allows remote attackers to execute arbitrary code via the RLE strip size field in a RGB file, which leads to an unexpected sign extension error and a heap-based buffer overflow.

References (2)

[Permissions Required, Vendor Advisory] http://newsgroup.xnview.com/viewtopic.php?f=35&t=29087

[Not Applicable, Vendor Advisory] http://secunia.com/advisories/52101

Scores

CVSS v3 7.8

EPSS 0.0101

EPSS Percentile 76.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-787

Status published

Affected Products (1)

xnview/xnview < 2.13

Timeline

Published Jan 02, 2020

Tracked Since Feb 18, 2026