Heap-based Buffer Overflow in MrSID Plugin for IrfanView
CVE-2013-3946

7.8HIGH

Key Information:

Vendor: Irfanview
Status: Mrsid Plugin
Vendor: CVE Published:; 2 January 2020

What is CVE-2013-3946?

A heap-based buffer overflow vulnerability exists in the MrSID plugin for IrfanView before version 4.37. This issue can allow remote attackers to exploit the vulnerability by sending specially crafted levels headers, potentially leading to arbitrary code execution on the affected system. Users of the MrSID plugin are advised to update to the latest version to mitigate this risk.

Affected Version(s)

MrSID plugin before 4.37

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/89806

x_refsource_MISC

https://www.irfanview.com/history_old.htm

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 2, 2020
Vulnerability Reserved
Jun 4, 2013

JSON

Irfanview

What is CVE-2013-3946?

Affected Version(s)

References

CVSS V3.1

Timeline