Stack-Based Buffer Overflow in MrSID Plugin for IrfanView
CVE-2013-3944

7.8HIGH

Key Information:

Vendor

Irfanview
Status
Mrsid Plugin
Vendor
CVE Published:
2 January 2020

What is CVE-2013-3944?

The MrSID plugin for IrfanView is susceptible to a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code. This flaw occurs due to improper handling of IMAGE tags, particularly in versions prior to 4.37 of the MrSID.dll. Exploitation of this vulnerability could lead to severe consequences, including unauthorized access to sensitive data and full system compromise.

Affected Version(s)

MrSID plugin before 4.37

References

http://www.securityfocus.com/bid/64385
x_refsource_MISC
https://www.irfanview.com/history_old.htm
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/89804
x_refsource_MISC

EPSS Score

10% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.