Skip to main content

IrfanView Multiple Buffer Overflow Vulnerabilities

Last Update Date: 2 Apr 2012 11:28 Release Date: 2 Apr 2012 5612 Views

RISK: Medium Risk

TYPE: Clients - Graphics & Design

TYPE: Graphics & Design

Multiple vulnerabilities have been identified in IrfanView, which can be exploited by malicious people to compromise a user's system.

  1. A boundary error when processing RLE compressed bitmap files can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into opening a specially crafted DIB, RLE, or BMP image.
  2. The application bundles a vulnerable version of JPEG2000 PlugIn.

Impact

  • Remote Code Execution

System / Technologies affected

  • IrfanView 4.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Update to version 4.33.

Vulnerability Identifier

  • No CVE information is available

Source


Related Link