CVE-2013-3481
critical
CVSS v3
—
CVSS v2
9.3
VIR risk
9.3
Description
Stack-based buffer overflow in Artweaver Plus and Free before 3.1.5 allows remote attackers to execute arbitrary code via a crafted JPG image file.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: PSIRT-CNA@flexerasoftware.com — http://secunia.com/advisories/52652
Vendor advisory: PSIRT-CNA@flexerasoftware.com — http://forum.artweaver.de/viewtopic.php?f=5&t=2248
Vendor advisory: PSIRT-CNA@flexerasoftware.com — http://forum.artweaver.de/viewtopic.php?f=5&t=2247
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| b-e-soft | artweaver_free | {"endIncluding":"3.1.4"} | |
| b-e-soft | artweaver_plus | {"endIncluding":"3.1.4"} | |
References
- http://forum.artweaver.de/viewtopic.php?f=5&t=2247
- http://forum.artweaver.de/viewtopic.php?f=5&t=2248
- http://osvdb.org/93751
- http://secunia.com/advisories/52652
- http://www.securityfocus.com/bid/60236
- https://exchange.xforce.ibmcloud.com/vulnerabilities/84636
- http://forum.artweaver.de/viewtopic.php?f=5&t=2247
- http://forum.artweaver.de/viewtopic.php?f=5&t=2248
- http://osvdb.org/93751
- http://secunia.com/advisories/52652
- http://www.securityfocus.com/bid/60236
- https://exchange.xforce.ibmcloud.com/vulnerabilities/84636
CWEs
CWE-119
Verify integrity in audit chain (admin only). AS-IS.