IrfanView Buffer Overflow Vulnerabilities Network Vulnerability

Summary

This host has IrfanView installed and is prone to buffer overflow vulnerabilities.

Impact

Successful exploitation will allow attacker to allow execution of arbitrary code or to compromise a user's system. Impact Level: System/Application.

Solution

Upgrade to version 4.27 or later, For updates refer to http://www.irfanview.com

Insight

The flaws are due to, - A sign extension error when parsing certain 'PSD' images - A boundary error when processing certain 'RLE' compressed 'PSD' images. These can be exploited to cause a heap-based buffer overflow by tricking a user into opening a specially crafted PSD file.

Affected

IrfanView version prior to 4.27

References

http://secunia.com/advisories/39036
http://secunia.com/secunia_research/2010-41

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-1509, CVE-2010-1510
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

VLC Media Player OGG Demuxer Buffer Overflow Vulnerability (Windows)
Oracle MySQL 'COM_FIELD_LIST' Command Buffer Overflow Vulnerability
ZoneAlarm Internet Security Suite Buffer Overflow Vulnerability
Mereo 'GET' Request Remote Buffer Overflow Vulnerability
BigAnt IM Server 'USV' Request Buffer Overflow Vulnerability

Take action and discover your vulnerabilities