Lucene search

MitreCVE-2019-19468

HistoryNov 30, 2019 - 7:15 p.m.

CVE-2019-19468

2019-11-3019:15:11

CWE-434

mitre

web.nvd.nist.gov

cve-2019-19468

free photo viewer

remote code execution

crafted files

bmp

tiff

security vulnerability

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

59.5%

JSON

Free Photo Viewer 1.3 allows remote attackers to execute arbitrary code via a crafted BMP and/or TIFF file that triggers a malformed SEH, as demonstrated by a 0012ECB4 FreePhot.00425642 42200008 corrupt entry.

Affected configurations

Nvd

Node

10-strikefree_photo_viewerMatch1.3

VendorProductVersionCPE
10-strikefree_photo_viewer1.3cpe:2.3:a:10-strike:free_photo_viewer:1.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
10-strike	free_photo_viewer	1.3	cpe:2.3:a:10-strike:free_photo_viewer:1.3:::::::*

References

code610.blogspot.com/2019/11/from-0-to-0day-quick-fuzzing-lesson.html

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

59.5%

JSON

Related for CVE-2019-19468