Irfanview 4.25 Image Viewer Fixes Critical Vulnerability


Recommended Posts

22 June 2009, 16:08

IrfanView 4.25 image viewer fixes critical vulnerability

A highly critical vulnerability has been found in the popular image viewer IrfanView that can lead to a heap-based buffer overflow. According to the security service provider Secunia, the problem is caused by an integer overflow when re-sampling certain 1 BPP images and potentially can be used to compromise a user's system. For an attack to be successful, a victim must first be tricked into opening a specially crafted TIFF image file and also re-sample the image, or use the screen fitting option.

The 4.25 release resolves the issue and adds several new features, including support for additional formats. More details about IrfanView 4.25 can be found on the History of IrfanView changes/versions web page. All users are encouraged to update to the new release in order to protect their systems.

See also:

IrfanView 1BPP Image Resampling Integer Overflow Vulnerability, security advisory from Secunia Research.

Heise security - http://www.h-online.com/security/IrfanView...y--/news/113582

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...