Calendar Of Updates: IrfanView Formats Plug-in XPM Integer Overflow Vulnerability - Calendar Of Updates

Jump to content


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

IrfanView Formats Plug-in XPM Integer Overflow Vulnerability Solution: Upgrade to v4.23

#1 User is offline   Donna 

  • Guinea Pig???
  • PipPipPipPipPipPipPipPipPip
  • View blog
  • Group: Admin - Site
  • Posts: 17,374
  • Joined: 11-October 03


Users Awards

Posted 07 April 2009 - 05:38 PM

Secunia Research has discovered a vulnerability in IrfanView's Formats plug-in, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an integer overflow when processing XPM files with certain dimensions. This can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into opening a specially crafted XPM file.
The vulnerability is confirmed in version 4.22. Other versions may also be affected.

http://secunia.com/advisories/34525/
http://www.irfanview.com/

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic