CVE-2013-3480 - Integer overflow in Sagelight 4.4 and earlier allows remote attackers to execute arbitrary code via

CVE-2013-3480

Summary

Integer overflow in Sagelight 4.4 and earlier allows remote attackers to execute arbitrary code via crafted width and height dimensions in a BMP file, which triggers a heap-based buffer overflow.

References

http://secunia.com/advisories/52705
http://www.securityfocus.com/bid/61408
https://exchange.xforce.ibmcloud.com/vulnerabilities/85920

Vulnerable Configurations

cpe:2.3:a:sagelighteditor:sagelight:4.4:*:*:*:*:*:*:*
cpe:2.3:a:sagelighteditor:sagelight:4.4:*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 29-08-2017 - 01:33)
Impact:
Exploitability:

CWE

CWE-189

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

bid	61408
secunia	52705
xf	sagelight-cve20133480-bmp-bo(85920)

Last major update

29-08-2017 - 01:33

Published

09-08-2013 - 20:56

Last modified

29-08-2017 - 01:33