IrfanView Palette File Importing Buffer Overflow Vulnerability

Posted on Tuesday, October 16, 2007 @ 19:30:06 PDT in Security
by Raven

SECUNIA ADVISORY ID: SA26619

VERIFY ADVISORY: http://secunia.com/advisories/26619/

CRITICAL: Moderately critical

IMPACT: System access

WHERE: >From remote

SOFTWARE:
IrfanView 4.x: http://secunia.com/product/14192/
IrfanView 3.x: http://secunia.com/product/2532/

DESCRIPTION: Secunia Research has discovered a vulnerability in IrfanView, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error when importing palette (*.pal) files. This can be exploited to cause a stack-based buffer overflow by tricking a user into importing a specially crafted palette (*.pal) file.

Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 4.00. Other versions may also be affected.

SOLUTION: Update to version 4.10.: http://www.irfanview.com/main_download_engl.htm

PROVIDED AND/OR DISCOVERED BY: Stefan Cornelius, Secunia Research.

ORIGINAL ADVISORY:
Secunia: http://secunia.com/secunia_research/2007-71/
IrfanView: http://www.irfanview.com/main_history.htm
 
 
click Related        click Share
 
News ©

Site Info v2.2.2

Last SeenLast Seen
Server TrafficServer Traffic
  • Total: 346,369,720
  • Today: 24,724
Server InfoServer Info
  • Jan 22, 2018
  • 12:27 pm PST
 
 

Daily Inspiration