Release date:
Updated on:
Affected Systems:
IrfanView Formats Plug-in 4.33
Unaffected system:
IrfanView Formats Plug-in 4.34
Description:
--------------------------------------------------------------------------------
Bugtraq id: 54244
Cve id: CVE-2012-3585
IrfanView is a fast and free Image Viewer, browser, and converter. The FORMATS plugin allows IrfanView to read unusual image FORMATS.
Versions earlier than IrfanView Formats PlugIn 4.34 have a security vulnerability in processing user input. After successful exploitation, remote attackers can execute arbitrary code in affected applications.
<* Source: Joseph Sheridan
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
IrfanView
---------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.irfanview.net/