PT-2013-4253 · Xnsoft+1 · Xnview

Published

2013-05-30

Updated

2020-01-03

CVE-2013-3247

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions XnView versions prior to 2.03

Description The issue is related to a heap-based buffer overflow in the xnview.exe module when decompressing RLE compressed layers of XCF files. This can be exploited by remote attackers to execute arbitrary code via a specially crafted RLE compressed layer within an XCF file.

Recommendations For versions prior to 2.03, update to version 2.03 or later to resolve the issue. As a temporary workaround, consider avoiding the use of RLE compressed layers in XCF files until the update is applied.

Exploit

Fix

RCE

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2013-3247

Affected Products

Xnview

PT-2013-4253 · Xnsoft+1 · Xnview

CVE-2013-3247

Weakness Enumeration

Related Identifiers

Affected Products

References · 4