fkie_nvd - fkie_cve-2013-6932

fkie_cve-2013-6932

Vulnerability from fkie_nvd

Published

2013-12-28 04:53

Modified

2025-04-11 00:51

Severity ?

Summary

Buffer overflow in IrfanView before 4.37, when a multibyte-character directory name is used, allows user-assisted remote attackers to execute arbitrary code via a crafted file that is incorrectly handled by the Thumbnail tooltips feature in the Thumbnails window.

References

	URL	Tags
	vultures@jpcert.or.jp	http://jvn.jp/en/jp/JVN63194482/index.html
	vultures@jpcert.or.jp	http://jvndb.jvn.jp/jvndb/JVNDB-2013-000120
	vultures@jpcert.or.jp	http://www.irfanview.com/main_history.htm
	af854a3a-2127-422b-91ae-364da2661108	http://jvn.jp/en/jp/JVN63194482/index.html
	af854a3a-2127-422b-91ae-364da2661108	http://jvndb.jvn.jp/jvndb/JVNDB-2013-000120
	af854a3a-2127-422b-91ae-364da2661108	http://www.irfanview.com/main_history.htm

Impacted products

Vendor	Product	Version
irfanview	irfanview	*
irfanview	irfanview	4.00
irfanview	irfanview	4.10
irfanview	irfanview	4.20
irfanview	irfanview	4.23
irfanview	irfanview	4.25
irfanview	irfanview	4.27
irfanview	irfanview	4.28
irfanview	irfanview	4.30
irfanview	irfanview	4.32
irfanview	irfanview	4.33
irfanview	irfanview	4.35

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:irfanview:irfanview:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "74420D72-9C49-47BE-8AB7-28469088584D",
              "versionEndIncluding": "4.36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:irfanview:irfanview:4.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "535174D3-2470-4FF3-827B-70737F6872FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:irfanview:irfanview:4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "93312055-0238-4082-A3E0-E2E50491103A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:irfanview:irfanview:4.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5F225C4-EEFA-4DEE-81AA-BB69172FAE0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:irfanview:irfanview:4.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC85E443-08AE-4222-9807-9C2514713C54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:irfanview:irfanview:4.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "890A26BB-117B-4F8E-A22A-992EC9FECAFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:irfanview:irfanview:4.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "321399A6-2ED0-4F88-B62C-6B0E248F9F58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:irfanview:irfanview:4.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C6ACEBC-5042-427A-862B-EBC0DCB7056E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:irfanview:irfanview:4.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D2DBB10-07D4-43CE-80C4-6875C4A120C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:irfanview:irfanview:4.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CB9951A-AA2A-4DD9-91E7-1A741D8FDCC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:irfanview:irfanview:4.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "01BFBF79-0937-4817-B27F-AAB22D14A193",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:irfanview:irfanview:4.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "81B875AF-40F2-4CFB-8E7D-6B2E5EE87370",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in IrfanView before 4.37, when a multibyte-character directory name is used, allows user-assisted remote attackers to execute arbitrary code via a crafted file that is incorrectly handled by the Thumbnail tooltips feature in the Thumbnails window."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en IrfanView anterior a 4.37  cuando se utiliza un nombre de directorio de caracteres multibyte, que permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante un archivo manipulado  el cual se maneja incorrectamente por la funcionalidad de informaci\u00f3n de herramientas en miniatura ofrecen en la ventana Miniaturas."
    }
  ],
  "id": "CVE-2013-6932",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.6,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-12-28T04:53:06.727",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "url": "http://jvn.jp/en/jp/JVN63194482/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000120"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "url": "http://www.irfanview.com/main_history.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvn.jp/en/jp/JVN63194482/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000120"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.irfanview.com/main_history.htm"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2013-6932 (GCVE-0-2013-6932)

Vulnerability from cvelistv5

Published

2013-12-28 02:00