Описание
Xjp2.dll in XnView before 2.13 allows remote attackers to execute arbitrary code via (1) the Csiz parameter in a SIZ marker, which triggers an incorrect memory allocation, or (2) the lqcd field in a QCD marker in a crafted JPEG2000 file, which leads to a heap-based buffer overflow.
Ссылки
- Permissions RequiredVendor Advisory
- Not ApplicableThird Party Advisory
- Permissions RequiredVendor Advisory
- Not ApplicableThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.13 (исключая)
cpe:2.3:a:xnview:xnview:*:*:*:*:*:*:*:*
EPSS
Процентиль: 90%
0.05321
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-787
Связанные уязвимости
github
почти 4 года назад
Xjp2.dll in XnView before 2.13 allows remote attackers to execute arbitrary code via (1) the Csiz parameter in a SIZ marker, which triggers an incorrect memory allocation, or (2) the lqcd field in a QCD marker in a crafted JPEG2000 file, which leads to a heap-based buffer overflow.
EPSS
Процентиль: 90%
0.05321
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-787