CVE-2013-3939

HIGH

XnView < 2.13 - Remote Code Execution via RGB RLE Strip Length Handling

Title source: llm

Description

xnview.exe in XnView before 2.13 does not properly handle RLE strip lengths when processing RGB files. This allows remote attackers to execute arbitrary code via the RLE strip size field in an RGB file, which leads to an unexpected sign extension error and a heap-based buffer overflow.

References (2)

Core References
Not Applicable, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/52101
Permissions Required, Vendor Advisory x_refsource_confirm
http://newsgroup.xnview.com/viewtopic.php?f=35&t=29087

Scores

CVSS v3 7.8
EPSS 0.0101
EPSS Percentile 77.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (1)
xnview/xnview < 2.13
Published Jan 02, 2020
Tracked Since Feb 18, 2026