BID:51426

IrfanView JPEG-2000 Plugin Remote Stack Based Buffer Overflow Vulnerability

CVE-2012-897 |

Info

IrfanView JPEG-2000 Plugin Remote Stack Based Buffer Overflow Vulnerability

Bugtraq ID:	51426
Class:	Boundary Condition Error
CVE:	CVE-2012-0897
Remote:	Yes
Local:	No
Published:	Jan 16 2012 12:00AM
Updated:	Jul 15 2015 12:27AM
Credit:	Parvez Anwar
Vulnerable:	IrfanView JPEG2000 0 IrfanView JPEG-2000 Plugin 4.32

Not Vulnerable:	IrfanView JPEG-2000 Plugin 4.33

Discussion

IrfanView JPEG-2000 Plugin Remote Stack Based Buffer Overflow Vulnerability

IrfanView JPEG-2000 Plugin is prone to a remote stack-based buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Successful exploits allow remote attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts likely result in denial-of-service conditions.

IrfanView JPEG-2000 Plugin 4.32 is vulnerable; other versions may also be affected.

Exploit / POC

IrfanView JPEG-2000 Plugin Remote Stack Based Buffer Overflow Vulnerability

The following exploit code is available:

/data/vulnerabilities/exploits/51426.rb

Solution / Fix

IrfanView JPEG-2000 Plugin Remote Stack Based Buffer Overflow Vulnerability

Solution:
Updates are available; please see the references for more information.

References

IrfanView JPEG-2000 Plugin Remote Stack Based Buffer Overflow Vulnerability

References:

IrfanView Homepage (IrfanView)