IrfanView Formats Plug-in XPM Integer Overflow Vulnerability

Posted on Tuesday, April 07, 2009 @ 17:16:21 PDT in Security
by Raven

SECUNIA ADVISORY ID: SA34525

VERIFY ADVISORY: http://secunia.com/advisories/34525/

CRITICAL: Highly Critical

DESCRIPTION: Secunia Research has discovered a vulnerability in IrfanView's Formats plug-in, which can be exploited by malicious people to compromise a user's system. The vulnerability is confirmed in version 4.22. Other versions may also be affected.

The vulnerability is caused due to an integer overflow when processing XPM files with certain dimensions. This can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into opening a specially crafted XPM file.

SOLUTION: Update to version 4.23.

PROVIDED AND/OR DISCOVERED BY: Stefan Cornelius, Secunia Research.

ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2009-20/
 
 
click Related        click Share
 
News ©

Site Info v2.2.2

Last SeenLast Seen
Server TrafficServer Traffic
  • Total: 362,176,251
  • Today: 75,435
Server InfoServer Info
  • Jul 21, 2018
  • 06:08 pm PDT
 
 

Daily Inspiration