CVE-2013-3945

EPSS 2.1%

In short

The MrSID image plugin for IrfanView versions before 4.37 contains a flaw that allows attackers to run malicious code by opening a specially crafted image file with a malformed nband tag.

Technical detail

The MrSID.dll plugin fails to properly validate the nband tag in MrSID image files, enabling remote code execution when a victim opens a crafted file. An attacker can deliver the malicious image via network or email, and execution occurs within the context of the IrfanView application.

Summary generated and translated by AI from the official description.

The MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via a nband tag.

Affected products

IrfanView · MrSID plugin

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/89805 https://www.irfanview.com/history_old.htm