CVE-2013-3939

Name of the Vulnerable Software and Affected Versions: XnView versions prior to 2.13

Description: The issue arises from the improper handling of RLE strip lengths during the processing of RGB files, allowing remote attackers to execute arbitrary code via the RLE strip size field in a RGB file. This leads to an unexpected sign extension error and a heap-based buffer overflow.

Recommendations: For versions prior to 2.13, update to version 2.13 or later to resolve the issue. As a temporary workaround, consider avoiding the use of xnview.exe for processing RGB files until the update is applied. Restrict access to untrusted RGB files to minimize the risk of exploitation.