Release date:
Updated on: 2012-06-04
Affected Systems:
IrfanView Formats Plug-in 4.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 53756
IrfanView is a fast and free Image Viewer, browser, and converter. The FORMATS plugin allows IrfanView to read unusual image FORMATS.
IrfanView 4.33 has a boundary error in implementation when IrfanView Formats PlugIn processes TTF font names. This vulnerability can be exploited by specially crafted font files to cause stack buffer overflow and arbitrary code execution.
<* Source: Francis Provencher
Link: http://secunia.com/advisories/49319/
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
IrfanView
---------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.irfanview.net/