IrfanView Formats PlugIn Multiple Buffer Overflow Vulnerability
Last Update Date:
4 Jun 2012
Release Date:
1 Jun 2012
5167
Views
RISK: Medium Risk
TYPE: Clients - Graphics & Design
Multiple vulnerabilities have been identified in IrfanView Formats PlugIn, which can be exploited by malicious people to compromise a user's system.
- Due to an error within the ECW plugin (NCSEcw.dll) when decompressing images and can be exploited to cause a heap-based buffer overflow via a specially crafted file.
- Due to a boundary error when processing TTF font names and can be exploited to cause a stack-based buffer overflow via a specially crafted font file.
Successful exploitation may allow execution of arbitrary code, but requires tricking a user into opening a malicious file.
Impact
- Remote Code Execution
System / Technologies affected
- IrfanView Formats PlugIn 4.x
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Apply Formats PlugIn patch version 4.34.
Vulnerability Identifier
- No CVE information is available
Source
Related Link
Share with