Critical Vulnerability In Plug-in For Irfanview Image Viewer


7 April 2009, 17:13

Critical vulnerability in plug-in for IrfanView image viewer

A critical vulnerability has been found in the Formats plug-in (format.dll) for the popular image viewer IrfanView. According to the security service provider Secunia, the problem is caused by an integer overflow when processing XPM files with specific dimensions. The vulnerability can be used by an attacker to compromise a user's system and infect it with malware. For an attack to be successful, a user must first be tricked into opening a specially crafted XPM file that causes the heap-based buffer overflow.

The IrfanView image viewer itself does not contain the vulnerability. By default the user must first install a vulnerable plug-in. The vulnerability was detected in version 4.22 of the IrfanView Formats plug-in. Updating to version 4.23 (direct download) of the Formats plug-in should resolve the problem.

See also:

IrfanView Formats Plug-in XPM Parsing Integer Overflow, advisory from Secunia Research.

Heise security - http://tinyurl.com/cjwylk
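The bug class named in the article, as an added example that is not part of the original post and is not code from IrfanView or its Formats plug-in: an image parser that multiplies attacker-supplied dimensions without checking gets a wrapped-around allocation size, and the later pixel writes overflow the undersized heap buffer. The sketch assumes the standard XPM values line (`width height ncolors chars_per_pixel`); the function names and the 1 GiB cap are hypothetical.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical upper bound on a decoded image (assumption for this example). */
#define MAX_PIXEL_BYTES ((size_t)1 << 30)

/* Unchecked pattern: the 32-bit product silently wraps for large dimensions. */
uint32_t unchecked_size32(uint32_t w, uint32_t h, uint32_t bpp) { return w * h * bpp; }

/* Multiply two sizes; return 0 (and leave *out alone) if the product overflows. */
static int mul_checked(size_t a, size_t b, size_t *out) {
    if (a != 0 && b > SIZE_MAX / a) return 0;
    *out = a * b;
    return 1;
}

/* Read one unsigned decimal field; signs, junk and out-of-range values fail. */
static int next_field(const char **p, size_t *out) {
    char *end;
    while (**p == ' ' || **p == '\t') (*p)++;
    if (!isdigit((unsigned char)**p)) return 0;
    errno = 0;
    unsigned long long v = strtoull(*p, &end, 10);
    if (errno == ERANGE || v > SIZE_MAX) return 0;
    *p = end; *out = (size_t)v;
    return 1;
}

/* Parse "<width> <height> <ncolors> <chars_per_pixel>" and compute the decoded
 * buffer size. Returns 0 on success, -1 if the header must be rejected. */
int xpm_pixel_buffer_size(const char *values, size_t bytes_per_pixel, size_t *size_out) {
    size_t f[4], pixels, total;
    for (int i = 0; i < 4; i++)
        if (!next_field(&values, &f[i])) return -1;
    if (f[0] == 0 || f[1] == 0 || f[2] == 0 || f[3] == 0) return -1;
    if (!mul_checked(f[0], f[1], &pixels)) return -1;          /* width * height */
    if (!mul_checked(pixels, bytes_per_pixel, &total)) return -1;
    if (total > MAX_PIXEL_BYTES) return -1;
    *size_out = total;
    return 0;
}

int main(void) {
    size_t n = 0; /* constructed header: 65536 x 65536 pixels */
    printf("checked rc=%d\n", xpm_pixel_buffer_size("65536 65536 2 1", 4, &n));
    return 0;
}
```

A parser should call a check like this before allocating and reject the file on failure rather than clamping the size.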
