Release date:
Updated on:
Affected Systems:
IrfanView Formats Plug-in 4.33
Unaffected system:
IrfanView Formats Plug-in 4.34
Description:
--------------------------------------------------------------------------------
Bugtraq id: 53744
IrfanView is a fast and free Image Viewer, browser, and converter. The FORMATS plugin allows IrfanView to read unusual image FORMATS.
IrfanView 4.34 has the remote heap buffer overflow vulnerability in the implementation of IrfanView Formats PlugIn. Remote attackers can exploit this vulnerability to cause heap buffer overflow and execute arbitrary code.
<* Source: Francis Provencher
Link: http://protekresearchlab.com/index.php? Option = com_content & view = article & id = 43 & Itemid = 43
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
IrfanView
---------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.irfanview.net/