Skip to main content

IrfanView PSD Image Parsing Multiple Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 13 May 2010 5382 Views

RISK: Medium Risk

Multiple vulnerabilities have been identified in IrfanView, which could be exploited by attackers to compromise a vulnerable system.

1. A sign-extension error when parsing certain PSD images can be exploited to cause a heap-based buffer overflow by tricking a user into opening a specially crafted PSD file.

2. A boundary error when processing certain RLE compressed PSD images can be exploited to cause a heap-based buffer overflow by tricking a user into opening a specially crafted PSD file.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.


Impact

  • Remote Code Execution

System / Technologies affected

  • IrfanView 4.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Upgrade to IrfanView 4.27
http://irfanview.com/main_download_engl.htm


Vulnerability Identifier


Source


Related Link