CVE-2013-3928

Published Mar 11, 2014

Last updated 3 months ago

CVSS info 9.3

Overview

Description: Stack-based buffer overflow in the ReadFile function in flt_BMP.dll in Chasys Draw IES before 4.11.02 allows remote attackers to execute arbitrary code via crafted biPlanes and biBitCount fields in a BMP file.
Source: PSIRT-CNA@flexerasoftware.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-119

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:jpchacha:chasys_draw_ies:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "64728E84-A238-47FA-A0AF-F38E4CC26DB9",
            "versionEndIncluding": "4.10.01"
          },
          {
            "criteria": "cpe:2.3:a:jpchacha:chasys_draw_ies:4.00.01:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E3C95F0F-2BA0-43B6-825A-624CE6739740"
          },
          {
            "criteria": "cpe:2.3:a:jpchacha:chasys_draw_ies:4.01.01:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5A9CBE9-6D70-4B37-9DB6-1BC06B41DF95"
          },
          {
            "criteria": "cpe:2.3:a:jpchacha:chasys_draw_ies:4.02.01:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0CCC46D2-E50B-4D11-AA1F-0B68E70D0630"
          },
          {
            "criteria": "cpe:2.3:a:jpchacha:chasys_draw_ies:4.03.02:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "11C0F171-F049-4A46-855C-4BB09A1B48C2"
          },
          {
            "criteria": "cpe:2.3:a:jpchacha:chasys_draw_ies:4.04.01:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7D4158A-D617-402D-8B93-6B2A97139C45"
          },
          {
            "criteria": "cpe:2.3:a:jpchacha:chasys_draw_ies:4.06.02:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E4CBCC7D-745E-4B31-9289-347C948FA1EC"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References