Lucene search
HistoryMar 18, 2014 - 5:02 p.m.
CVE-2013-3938
cve-2013-3938
integer overflow
xnview
remote code execution
jxr file
nvd
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
8.2 High
AI Score
Confidence
High
0.019 Low
EPSS
Percentile
88.6%
Integer overflow in xnview.exe in XnView 2.13 allows remote attackers to execute arbitrary code via a large NUM_ELEMENTS field in an IFD_ENTRY structure in a JXR file, which triggers a heap-based buffer overflow.
Affected configurations
Node
xnviewxnviewMatch2.13
| CPE | Name | Operator | Version |
|---|---|---|---|
| xnview:xnview | xnview | eq | 2.13 |
Related
cvelist
cvelist
CVE-2013-3938
2014-03-18 14:00:00
kaspersky
kaspersky
KLA10404 ACE vulnerability in XnView
2014-03-18 00:00:00
openvas
openvas
XnView JXR File Handling Buffer Overflow Vulnerability
2014-03-26 00:00:00
prion
prion
Integer overflow
2014-03-18 17:02:00
nvd
nvd
CVE-2013-3938
2014-03-18 17:02:52
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
8.2 High
AI Score
Confidence
High
0.019 Low
EPSS
Percentile
88.6%
Related for CVE-2013-3938