Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-5447

CWE-119: Buffer Overflow
4 documents, 4 sources
Severity: 6.8 MEDIUM
EPSS: 68.3% (top 1.39%)
CISA KEV: Not in KEV
Exploit: PoC available
Timeline
Published: Dec 10
Latest update: May 17

Description

Stack-based buffer overflow in IBM Forms Viewer 4.x before 4.0.0.3 and 8.x before 8.0.1.1 allows remote attackers to execute arbitrary code via an XFDL form with a long fontname value.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (1 package)

NVD: ibm/forms_viewer (5 versions) +4

🔴 Vulnerability Details (2)

GHSA
GHSA-qf3h-37cw-qmp7: Stack-based buffer overflow in IBM Forms Viewer 4 (2022-05-17)
CVEList
CVE-2013-5447: Stack-based buffer overflow in IBM Forms Viewer 4 (2013-12-10)

💥 Exploits & PoCs (1)

Exploit-DB
IBM Forms Viewer - Unicode Buffer Overflow (Metasploit) (2014-01-07)