CVE-2013-3480 : Integer overflow in Sagelight 4.4 and earlier allows remote attackers to execute

Integer overflow in Sagelight 4.4 and earlier allows remote attackers to execute arbitrary code via crafted width and height dimensions in a BMP file, which triggers a heap-based buffer overflow.

Published 2013-08-09 20:56:08

Updated 2025-04-11 00:51:22

Source Flexera Software LLC

View at NVD, CVE.org

Vulnerability category: OverflowExecute code

Products affected by CVE-2013-3480

Sagelighteditor » Sagelight
Versions up to, including, (<=) 4.4
cpe:2.3:a:sagelighteditor:sagelight:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2013-3480

EPSS FAQ

10.52%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 93 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2013-3480

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2013-3480

CWE-189

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-3480

https://exchange.xforce.ibmcloud.com/vulnerabilities/85920

Sagelight BMP file buffer overflow CVE-2013-3480 Vulnerability Report
http://secunia.com/advisories/52705

Sign in
Vendor Advisory
http://www.securityfocus.com/bid/61408

Sagelight BMP File Handling Remote Heap Buffer Overflow Vulnerability

Jump to

Vulnerability Details : CVE-2013-3480

Products affected by CVE-2013-3480

Exploit prediction scoring system (EPSS) score for CVE-2013-3480

CVSS scores for CVE-2013-3480

CWE ids for CVE-2013-3480

References for CVE-2013-3480