IrfanView TIFF Image File Remote Heap Based Buffer Overflow Vulnerability

Bugtraq ID:	51132
Class:	Boundary Condition Error
CVE:	CVE-2011-5233
Remote:	Yes
Local:	No
Published:	Dec 20 2011 12:00AM
Updated:	Oct 29 2012 01:00PM
Credit:	Francis Provencher, Protek Research Lab's via Secunia
Vulnerable:	IrfanView IrfanView 4.30
Not Vulnerable:	IrfanView IrfanView 4.32

IrfanView TIFF Image File Remote Heap Based Buffer Overflow Vulnerability

IrfanView is prone to a remote heap-based buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Successful exploits allow remote attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts likely result in denial-of-service conditions.

IrfanView 4.30 is vulnerable; other versions may also be affected.

IrfanView TIFF Image File Remote Heap Based Buffer Overflow Vulnerability

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

IrfanView TIFF Image File Remote Heap Based Buffer Overflow Vulnerability

Solution:
Updates are available; please see the references for more information.

IrfanView TIFF Image File Remote Heap Based Buffer Overflow Vulnerability

References:

• History of changes (IrfanView)
  
• IrfanView Homepage (IrfanView)