PT-2020-7474 · Irfanview · Irfanview Mrsid Plugin

Published

2020-01-02

Updated

2020-01-17

CVE-2013-3945

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: IrfanView MrSID plugin versions prior to 4.37

Description: The issue allows remote attackers to execute arbitrary code via a nband tag. This can be exploited by attackers to gain unauthorized access to systems.

Recommendations: For IrfanView MrSID plugin versions prior to 4.37, update to version 4.37 or later to resolve the issue. As a temporary workaround, consider disabling the MrSID plugin until a patch is available. Restrict access to files that may contain malicious nband tags to minimize the risk of exploitation.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2013-3945

Affected Products

Irfanview Mrsid Plugin

PT-2020-7474 · Irfanview · Irfanview Mrsid Plugin

CVE-2013-3945

Weakness Enumeration

Related Identifiers

Affected Products

References · 5