Summary
This host has IrfanView installed and is prone to an integer overflow vulnerability.
Impact
Successful exploitation will allow an attacker to cause an integer overflow when the screen fitting option is enabled.
Impact Level: Application
Solution
Upgrade to version 4.25
http://www.irfanview.com
Insight
The flaw exists because the application fails to perform proper boundary checks while opening specially crafted TIFF 1 BPP images, which can be exploited to cause a heap-based buffer overflow.
Affected
IrfanView versions prior to 4.25
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2009-2118
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- ScriptFTP 'GETLIST' or 'GETFILE' Commands Remote Buffer Overflow Vulnerability
- Disk Pulse Server Stack Remote Buffer Overflow Vulnerability
- Personal File Share HTTP Server Remote Buffer Overflow Vulnerability
- AbsoluteFTP 'LIST' Command Remote Buffer Overflow Vulnerability
- Cyrus IMAP Server SIEVE Script Handling Buffer Overflow Vulnerability