Calendar Of Updates: IrfanView Formats Plug-in XPM Integer Overflow Vulnerability - Calendar Of Updates

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

IrfanView Formats Plug-in XPM Integer Overflow Vulnerability Solution: Upgrade to v4.23

#1 User is offline   Donna Icon

  • Solar
  • PipPipPipPipPipPipPipPipPip
  • View blog
  • Group: Admin - Site
  • Posts: 16,263
  • Joined: 11-October 03

Awards Bar:

Users Awards

Posted 07 April 2009 - 05:38 PM

Secunia Research has discovered a vulnerability in IrfanView's Formats plug-in, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an integer overflow when processing XPM files with certain dimensions. This can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into opening a specially crafted XPM file.
The vulnerability is confirmed in version 4.22. Other versions may also be affected.

http://secunia.com/advisories/34525/
http://www.irfanview.com/
Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

Disclaimer: While CalendarOfUpdates.com uses reasonable efforts to include accurate and up-to-date information, we make no warranties or representations as to the accuracy of the content and assume no liability or responsibility for any error or omission in the content. CalendarofUpdates.com does not represent or warrant that use of any content will not infringe rights of third parties. CalendarOfUpdates.com has no responsibility for actions of third parties or for content provided or posted by others.
All services are subject to the Terms of Service.
Except where otherwise stated, all content Copyright © 2003 - 2010 Dozleng, LLC