CVE-2013-3939

Summary

xnview.exe in XnView before 2.13 does not properly handle RLE strip lengths during processing of RGB files, which allows remote attackers to execute arbitrary code via the RLE strip size field in a RGB file, which leads to an unexpected sign extension error and a heap-based buffer overflow.

Affected Software

VendorProductVersion RangeStatus
XnViewXnViewbefore 2.13affected

Weaknesses

  • Other

ADP Enrichment

CVE Program Container

Additional References

References