Skip to main content

IrfanView Formats PlugIn Multiple Buffer Overflow Vulnerability

Last Update Date: 4 Jun 2012 Release Date: 1 Jun 2012 5167 Views

RISK: Medium Risk

TYPE: Clients - Graphics & Design

TYPE: Graphics & Design

Multiple vulnerabilities have been identified in IrfanView Formats PlugIn, which can be exploited by malicious people to compromise a user's system.

  1. Due to an error within the ECW plugin (NCSEcw.dll) when decompressing images and can be exploited to cause a heap-based buffer overflow via a specially crafted file.
  2. Due to a boundary error when processing TTF font names and can be exploited to cause a stack-based buffer overflow via a specially crafted font file.

Successful exploitation may allow execution of arbitrary code, but requires tricking a user into opening a malicious file.


Impact

  • Remote Code Execution

System / Technologies affected

  • IrfanView Formats PlugIn 4.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Apply Formats PlugIn patch version 4.34.

Vulnerability Identifier

  • No CVE information is available

Source


Related Link