SECUNIA ADVISORY ID: SA34525
VERIFY ADVISORY: http://secunia.com/advisories/34525/
CRITICAL: Highly Critical
DESCRIPTION: Secunia Research has discovered a vulnerability in IrfanView's Formats plug-in, which can be exploited by malicious people to compromise a user's system. The vulnerability is confirmed in version 4.22. Other versions may also be affected.
The vulnerability is caused by an integer overflow when processing XPM files with certain dimensions. This can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into opening a specially crafted XPM file.
SOLUTION: Update to version 4.23.
PROVIDED AND/OR DISCOVERED BY: Stefan Cornelius, Secunia Research.
ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2009-20/
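The bug class described above, as an added illustration that is not IrfanView's code and not part of the advisory: an XPM loader reads "width height ncolors cpp" from the file's values string and sizes a heap buffer from it, so the product must be range-checked before allocation. The function names, the 4-bytes-per-pixel decoded buffer, the 256 MiB cap and the sample dimensions are assumptions constructed for this example.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Fields of the XPM values string: "width height ncolors chars_per_pixel". */
struct xpm_hdr { uint32_t width, height, ncolors, cpp; };

/* Parse four positive decimal fields; returns 0 on success, -1 on bad input. */
int xpm_parse_values(const char *s, struct xpm_hdr *h)
{
    uint32_t *out[4] = { &h->width, &h->height, &h->ncolors, &h->cpp };
    for (int i = 0; i < 4; i++) {
        char *end;
        while (isspace((unsigned char)*s)) s++;
        if (!isdigit((unsigned char)*s)) return -1;   /* rejects '-', '+', empty */
        errno = 0;
        unsigned long long v = strtoull(s, &end, 10);
        if (errno || v == 0 || v > UINT32_MAX) return -1;
        *out[i] = (uint32_t)v;
        s = end;
    }
    return 0;
}

/* Unchecked sizing: the 32-bit product silently wraps for large dimensions. */
uint32_t xpm_size_unchecked(const struct xpm_hdr *h)
{
    return (uint32_t)(h->width * h->height * 4u);     /* assumed 4 bytes/pixel */
}

/* Checked sizing: widen first, then compare against a cap before multiplying. */
int xpm_size_checked(const struct xpm_hdr *h, size_t max_bytes, size_t *out)
{
    uint64_t pixels = (uint64_t)h->width * h->height; /* 32x32 -> 64, no wrap */
    if (pixels > max_bytes / 4) return -1;            /* would exceed the cap */
    *out = (size_t)(pixels * 4);
    return 0;
}

int main(void)
{
    struct xpm_hdr h; size_t n = 0;
    if (xpm_parse_values("65536 16385 2 1", &h)) return 1;   /* constructed */
    printf("unchecked=%u checked=%d\n", (unsigned)xpm_size_unchecked(&h),
           xpm_size_checked(&h, (size_t)1 << 28, &n));
    return 0;
}
```

With the constructed dimensions the unchecked size wraps to a small value while the image still needs over 4 GiB, which is the mismatch that turns later pixel writes into a heap overflow; the checked variant rejects the header instead.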
IrfanView Formats Plug-in XPM Integer Overflow Vulnerability
Posted on Tuesday, April 07, 2009 @ 17:16:21 CDT in Security