IrfanView .PAL Importing Remote Stack Based Buffer Overflow Vulnerability
BID:26089
Info
| Bugtraq ID: | 26089 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2007-4343 |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 16 2007 12:00AM |
| Updated: | Oct 16 2007 07:57PM |
| Credit: | Stefan Cornelius of Secunia Research is credited with the discovery of this issue. |
| Vulnerable: | IrfanView IrfanView 4.00 |
| Not Vulnerable: | IrfanView IrfanView 4.10 |
Discussion
IrfanView is prone to a remote stack-based buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
Successful exploits allow remote attackers to execute arbitrary machine code in the context of the vulnerable application. Failed exploit attempts likely result in denial-of-service conditions.
IrfanView 4.00 is vulnerable; other versions may also be affected.
Exploit / POC
Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution / Fix
Solution:
The vendor released IrfanView 4.10 to address this issue. Please see the references for more information.
References
References:
- Download IrfanView (IrfanView)
- History of Changes (IrfanView)
- IrfanView Homepage (Irfan Skiljan)
- Secunia Research: IrfanView Palette File Importing Buffer Overflow Vulnerability (Secunia Research)