1. Welcome Guest! In order to create a new topic or reply to an existing one, you must register first. It is easy and free. Click here to sign up now!.
    Dismiss Notice

Critical Vulnerability In Irfanview Plugin

Discussion in 'Security Updates' started by snoopy, Apr 18, 2012.

  1. snoopy

    snoopy Registered Members

    Joined:
    Aug 1, 2010
    Messages:
    1,671
    Location:
    At my computer
    Operating System:
    Windows 7
    Computer Brand or Motherboard:
    custom built -
    Critical vulnerability in IrfanView plugin


    The official plugin package for the popular image viewer IrfanView is currently shipped with a vulnerable version of the FlashPix plugin. The code contains a critical vulnerability which could be exploited an attacker to infect a system with malicious code; the hole is caused by a heap buffer overflow.

    An attacker merely needs to get a user to open a specially crafted FlashPix format image with IrfanView to get their code to run. Admittedly, this is a relatively exotic file format which might not be opened deliberately, but it opening the file could also occur unknowingly, for example, when looking at a folder full of images and browsing their thumbnails with IrfanView.

    The FlashPix hole is patched in version 4.34 of the plugin pack but it must be reinstalled manually. The gap was discovered by security researcher Francis Provencher who reported it, confidentially, to Secunia. He has since released a proof of concept, which means that IrfanViw users who have installed the plugin package should update as soon as possible. A month ago, a similar issue in the XnView image viewer was also fixed.

    http://www.h-online....in-1539532.html
     
    snoopy, Apr 18, 2012
    #1

Share This Page