IrfanView Formats Plug-in XPM Integer Overflow Vulnerability

Posted on Tuesday, April 07, 2009 @ 18:16:21 CEST in Security
by Raven



CRITICAL: Highly Critical

DESCRIPTION: Secunia Research has discovered a vulnerability in IrfanView's Formats plug-in, which can be exploited by malicious people to compromise a user's system. The vulnerability is confirmed in version 4.22. Other versions may also be affected.

The vulnerability is caused due to an integer overflow when processing XPM files with certain dimensions. This can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into opening a specially crafted XPM file.

SOLUTION: Update to version 4.23.

PROVIDED AND/OR DISCOVERED BY: Stefan Cornelius, Secunia Research.

ORIGINAL ADVISORY: Secunia Research:
click Related        click Share
News ©

Site Info v2.2.2

Last SeenLast Seen
Server TrafficServer Traffic
  • Total: 375,106,936
  • Today: 53,772
Server InfoServer Info
  • Jan 17, 2019
  • 07:11 pm CET