Vulnerability Details : CVE-2013-2577
Buffer overflow in XnView before 2.04 allows remote attackers to execute arbitrary code via a crafted PCT file.
Vulnerability category: Overflow, Execute code
Exploit prediction scoring system (EPSS) score for CVE-2013-2577
Probability of exploitation activity in the next 30 days: 13.49%
Percentile (the proportion of vulnerabilities scored at or below this value): ~95%
CVSS scores for CVE-2013-2577
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source
---|---|---|---|---|---
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST
CWE ids for CVE-2013-2577
- The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. (Assigned by: nvd@nist.gov, Primary)
References for CVE-2013-2577
- https://exchange.xforce.ibmcloud.com/vulnerabilities/85919 (XnView .PCT file buffer overflow CVE-2013-2577 Vulnerability Report)
- http://archives.neohapsis.com/archives/bugtraq/2013-07/0153.html (tagged: Exploit)
- http://newsgroup.xnview.com/viewtopic.php?f=35&t=28400 (XnView Software - Login; tagged: Patch)
- http://www.exploit-db.com/exploits/27049 (XnView 2.03 - '.pct' Buffer Overflow - Windows dos Exploit; tagged: Exploit)
- http://www.coresecurity.com/advisories/xnview-buffer-overflow-vulnerability (XnView Buffer Overflow Vulnerability | Core Security; tagged: Exploit)
- http://www.securitytracker.com/id/1028817 (XnView Buffer Overflow in Processing PCT Files Lets Remote Users Execute Arbitrary Code - SecurityTracker)
Products affected by CVE-2013-2577
- cpe:2.3:a:xnview:xnview:*:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.92.1:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.96:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.95.4:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.94:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.93.6:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.91.6:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.91.5:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.90:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.82.4:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.80:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.74:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.67:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.66:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.45:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.41:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.32:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.31:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.21:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.20:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.19:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.14:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.13:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.06:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.05:c:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.0:a:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.96.5:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.96.2:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.96.1:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.94.2:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.94.1:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.93:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.92:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.90.3:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.90.1:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.80.2:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.80.1:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.68.1:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.68:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.50:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.46:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.34:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.33:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.23:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.22:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.16:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.15:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.08:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.07:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.02:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.01:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.97:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.95.1:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.95:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.93.2:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.93.1:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.91.2:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.91.1:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.91:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.82:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.80.3:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.70.2:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.70:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.55:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.50.1:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.36:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.35:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.25:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.24:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.17:a:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.17:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.10:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.09:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.04:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.03:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.95.3:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.95.2:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.93.4:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.93.3:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.91.4:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.91.3:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.82.3:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.82.2:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.70.4:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.70.3:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.65:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.61:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.60:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.40:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.37:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.30:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.25:a:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.18.1:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.18:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.12:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.11:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.05:b:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.05:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.97.4:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.97.1:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.97.2:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.98.5:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.99:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.99.1:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.97.5:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.97.6:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.98.4:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.98.2:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.98.3:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.98:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.98.1:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.98.8:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.97.3:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.97.7:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.97.8:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.98.6:*:*:*:*:*:*:*
- cpe:2.3:a:xnview:xnview:1.98.7:*:*:*:*:*:*:*