CVE-2013-3480 - Numeric Errors vulnerability in Sagelighteditor Sagelight 4.4

CVSS 9.3 - CRITICAL
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Tags: network, sagelighteditor, CWE-189, critical

Summary

Integer overflow in Sagelight 4.4 and earlier allows remote attackers to execute arbitrary code via crafted width and height dimensions in a BMP file, which triggers a heap-based buffer overflow.

Vulnerable Configurations

Part | Description | Count
Application | Sagelighteditor | 1

Common Weakness Enumeration (CWE)