IrfanView JPEG-2000 Plugin Remote Stack Based Buffer Overflow Vulnerability Network Vulnerability

Summary

This host has IrfanView with JPEG-2000 plugin installed and is prone to stack based buffer overflow vulnerability.

Impact

Successful exploitation will allow attackers to execute arbitrary code. Impact Level: Application

Solution

Upgrade IrfanView JPEG-2000 Plugin version to 4.33 or later For updates refer to http://www.irfanview.com/plugins.htm

Insight

The flaw is due to an error in the JPEG2000 plug-in when processing the Quantization Default (QCD) marker segment. This can be exploited to cause a stack-based buffer overflow via a specially crafted JPEG2000 (JP2) file.

Affected

IrfanView JPEG-2000 Plugin version prior to 4.33

References

http://osvdb.org/78333
http://secunia.com/advisories/47360
http://www.irfanview.com/plugins.htm
http://xforce.iss.net/xforce/xfdb/72398

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-0897
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

ICQ 'ICQToolBar.dll' Buffer Overflow Vulnerability
Integard Home and Pro HTTP Buffer Overflow Vulnerability
Simple Web Server Connection Header Buffer Overflow Vulnerability
ZoneAlarm Internet Security Suite Buffer Overflow Vulnerability
CoCSoft Stream Down Buffer overflow Vulnerability

Take action and discover your vulnerabilities