IrfanView Buffer Overflow Vulnerabilities Network Vulnerability

Summary

This host has IrfanView installed and is prone to buffer overflow vulnerabilities.

Impact

Successful exploitation will allow attacker to allow execution of arbitrary code or to compromise a user's system. Impact Level: System/Application.

Solution

Upgrade to version 4.27 or later, For updates refer to http://www.irfanview.com

Insight

The flaws are due to, - A sign extension error when parsing certain 'PSD' images - A boundary error when processing certain 'RLE' compressed 'PSD' images. These can be exploited to cause a heap-based buffer overflow by tricking a user into opening a specially crafted PSD file.

Affected

IrfanView version prior to 4.27

References

http://secunia.com/advisories/39036
http://secunia.com/secunia_research/2010-41

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-1509, CVE-2010-1510

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Blue Coat K9 Web Protection Multiple Buffer Overflow Vulnerabilities
Ziproxy Image Parsing Multiple Integer Overflow Vulnerabilities
Novell iManager jclient 'EnteredAttrName' Buffer Overflow Vulnerability
VLC Media Player OGG Demuxer Buffer Overflow Vulnerability (Windows)
SIP Express Router Register Buffer Overflow

Take action and discover your vulnerabilities