VIR Vulnerability Intelligence Relay

CVE-2013-2577

critical
Published 2013-08-09 ยท Modified 2026-04-29
๐Ÿ’ฌ Discuss on Community โœš Propose mitigation
CVSS v3
โ€”
CVSS v4 NEW
โ€”
not yet in upstream
VIR risk
10.0

Description

Buffer overflow in XnView before 2.04 allows remote attackers to execute arbitrary code via a crafted PCT file.

Predictions

Exploit likelihood
20%
Patch ETA
โ€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ€” if you've already worked around this in production โ€” publish your fix to the community-verified tier.

โœš Propose a mitigation on Community โ†’ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Exploit-DB

EDB-27049 dos windows verified
Core Security ยท 2013-07-23

XnView 2.03 - '.pct' Buffer Overflow

Source code queued for fetch โ€” refresh in a moment.

Application impact
VendorProductVersionsFixed
xnviewxnview{"endIncluding":"2.03"}
xnviewxnview1.0
xnviewxnview1.01
xnviewxnview1.02
xnviewxnview1.03
xnviewxnview1.04
xnviewxnview1.05
xnviewxnview1.06
xnviewxnview1.07
xnviewxnview1.08
xnviewxnview1.09
xnviewxnview1.10
xnviewxnview1.11
xnviewxnview1.12
xnviewxnview1.13
xnviewxnview1.14
xnviewxnview1.15
xnviewxnview1.16
xnviewxnview1.17
xnviewxnview1.18
xnviewxnview1.18.1
xnviewxnview1.19
xnviewxnview1.20
xnviewxnview1.21
xnviewxnview1.22
xnviewxnview1.23
xnviewxnview1.24
xnviewxnview1.25
xnviewxnview1.30
xnviewxnview1.31
xnviewxnview1.32
xnviewxnview1.33
xnviewxnview1.34
xnviewxnview1.35
xnviewxnview1.36
xnviewxnview1.37
xnviewxnview1.40
xnviewxnview1.41
xnviewxnview1.45
xnviewxnview1.46
xnviewxnview1.50
xnviewxnview1.50.1
xnviewxnview1.55
xnviewxnview1.60
xnviewxnview1.61
xnviewxnview1.65
xnviewxnview1.66
xnviewxnview1.67
xnviewxnview1.68
xnviewxnview1.68.1
xnviewxnview1.70
xnviewxnview1.70.2
xnviewxnview1.70.3
xnviewxnview1.70.4
xnviewxnview1.74
xnviewxnview1.80
xnviewxnview1.80.1
xnviewxnview1.80.2
xnviewxnview1.80.3
xnviewxnview1.82
xnviewxnview1.82.2
xnviewxnview1.82.3
xnviewxnview1.82.4
xnviewxnview1.90
xnviewxnview1.90.1
xnviewxnview1.90.3
xnviewxnview1.91
xnviewxnview1.91.1
xnviewxnview1.91.2
xnviewxnview1.91.3
xnviewxnview1.91.4
xnviewxnview1.91.5
xnviewxnview1.91.6
xnviewxnview1.92
xnviewxnview1.92.1
xnviewxnview1.93
xnviewxnview1.93.1
xnviewxnview1.93.2
xnviewxnview1.93.3
xnviewxnview1.93.4
xnviewxnview1.93.6
xnviewxnview1.94
xnviewxnview1.94.1
xnviewxnview1.94.2
xnviewxnview1.95
xnviewxnview1.95.1
xnviewxnview1.95.2
xnviewxnview1.95.3
xnviewxnview1.95.4
xnviewxnview1.96
xnviewxnview1.96.1
xnviewxnview1.96.2
xnviewxnview1.96.5
xnviewxnview1.97
xnviewxnview1.97.1
xnviewxnview1.97.2
xnviewxnview1.97.3
xnviewxnview1.97.4
xnviewxnview1.97.5
xnviewxnview1.97.6
xnviewxnview1.97.7
xnviewxnview1.97.8
xnviewxnview1.98
xnviewxnview1.98.1
xnviewxnview1.98.2
xnviewxnview1.98.3
xnviewxnview1.98.4
xnviewxnview1.98.5
xnviewxnview1.98.6
xnviewxnview1.98.7
xnviewxnview1.98.8
xnviewxnview1.99
xnviewxnview1.99.1

References

CWEs

CWE-119

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.