libfpx 'Free_All_Memory()' Function Double Free Remote Code Execution Vulnerability
BID:51131
Info
libfpx 'Free_All_Memory()' Function Double Free Remote Code Execution Vulnerability
| Bugtraq ID: | 51131 |
| Class: | Design Error |
| CVE: |
CVE-2012-0025 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 20 2011 12:00AM |
| Updated: | Nov 02 2012 09:20PM |
| Credit: | Francis Provencher, Protek Research Lab's via Secunia |
| Vulnerable: |
libfpx libfpx 1.3.1 IrfanView IrfanView 4.2.2 IrfanView IrfanView 4.2.2.0 |
| Not Vulnerable: |
libfpx libfpx 1.3.1-1 IrfanView IrfanView 4.3.20 |
Discussion
libfpx 'Free_All_Memory()' Function Double Free Remote Code Execution Vulnerability
libfpx is prone to a remote code-execution vulnerability.
An attacker can exploit this issue by sending specially crafted FPX images to a vulnerable computer.
Successfully exploiting this issue will allow the attacker to execute arbitrary code in the context of the application using the affected library. Failed exploit attempts may result in a denial-of-service condition.
Versions prior to libfpx 1.3.1 are vulnerable.
libfpx is prone to a remote code-execution vulnerability.
An attacker can exploit this issue by sending specially crafted FPX images to a vulnerable computer.
Successfully exploiting this issue will allow the attacker to execute arbitrary code in the context of the application using the affected library. Failed exploit attempts may result in a denial-of-service condition.
Versions prior to libfpx 1.3.1 are vulnerable.
Exploit / POC
libfpx 'Free_All_Memory()' Function Double Free Remote Code Execution Vulnerability
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
libfpx 'Free_All_Memory()' Function Double Free Remote Code Execution Vulnerability
Solution:
Updates are available. Please see the references for more details.
Solution:
Updates are available. Please see the references for more details.
References
libfpx 'Free_All_Memory()' Function Double Free Remote Code Execution Vulnerability
References:
References:
- IrfanView Homepage (IrfanView)
- libfpx Homapage (libfpx)