Release date:
Updated on: 2012-03-30
Affected Systems:
IrfanView 4.32
IrfanView 4.30
IrfanView 4.3.20
IrfanView 4.28
IrfanView 4.27
IrfanView 4.25
IrfanView 4.23
Unaffected Systems:
IrfanView 4.33
Description:
--------------------------------------------------------------------------------
Bugtraq id: 52806
IrfanView is a graphics viewer.
IrfanView has a boundary error when processing RLE-compressed bitmap files, and is bundled with a vulnerable version of the 2000in in. An attacker who tricks a user into opening a specially crafted DIB, RLE, or BMP image can cause a heap buffer overflow and take control of the user's system.
<* Source: Parvez Anwar
Link: http://secunia.com/advisories/47333/
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
IrfanView
---------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.irfanview.net/