IrfanView Multiple Buffer Overflow Vulnerabilities
Release Date : 2012-03-29
Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch
Software: IrfanView 4.x
Multiple vulnerabilities have been reported in IrfanView, which can be exploited by malicious people to compromise a user's system.
1) A boundary error when processing RLE compressed bitmap files can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into opening a specially crafted DIB, RLE, or BMP image.
This vulnerability is confirmed in version 4.32.
2) The application bundles a vulnerable version of the JPEG2000 PlugIn.
The vulnerabilities are reported in versions prior to 4.33.
Update to version 4.33.
Provided and/or discovered by:
1) Parvez Anwar via Secunia
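
The advisory does not describe the flaw in item 1 beyond "a boundary error", so the following is an added example, not IrfanView code and not a reconstruction of the bug: a BMP RLE8 decoder that validates every record against both the source length and the destination dimensions before it writes. The function name and the strict handling of truncated streams are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Bounds-checked decoder for BMP RLE8 data (illustrative, not IrfanView code).
 * dst must hold width*height bytes; rows are written in stream order.
 * Returns 0 on success, -1 on any record that would read past src or
 * write outside dst. */
int rle8_decode(const uint8_t *src, size_t src_len,
                uint8_t *dst, uint32_t width, uint32_t height)
{
    size_t i = 0;
    uint32_t x = 0, y = 0;              /* invariant: x <= width, y <= height */

    if (width == 0 || height == 0 || width > SIZE_MAX / height)
        return -1;
    memset(dst, 0, (size_t)width * height);

    while (src_len - i >= 2) {
        uint8_t count = src[i], value = src[i + 1];
        i += 2;
        if (count > 0) {                /* encoded run: count copies of value */
            if (y >= height || count > width - x)
                return -1;
            memset(dst + (size_t)y * width + x, value, count);
            x += count;
        } else if (value == 0) {        /* end of line */
            if (y >= height)
                return -1;
            x = 0;
            y++;
        } else if (value == 1) {        /* end of bitmap */
            return 0;
        } else if (value == 2) {        /* delta: skip dx columns, dy rows */
            if (src_len - i < 2 || src[i] > width - x || src[i + 1] > height - y)
                return -1;
            x += src[i];
            y += src[i + 1];
            i += 2;
        } else {                        /* absolute run: value literal bytes */
            size_t padded = (size_t)value + (value & 1);  /* 16-bit aligned */
            if (src_len - i < padded || y >= height || value > width - x)
                return -1;
            memcpy(dst + (size_t)y * width + x, src + i, value);
            x += value;
            i += padded;
        }
    }
    return -1;                          /* stream ended without end-of-bitmap */
}
```

The run length and the cursor position both come from the file, so each is compared against the remaining row width and row count rather than trusted.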