IrfanView version 4.57 with WPG.dll version 2.0.0.0 suffer from access violation and out-of-bounds write vulnerabilities that can lead to denial of service or code execution.
25da92fa817b5a113c55b9e18072698748b07fb0bb80d1febb128c957f5b2d19IrfanView email plugin version 4.44 SEH buffer overflow exploit.
3cb99ffaeb3ff9b458094a24a5c8e5ce9602e65d2b5d09dcd252ec6d3b4e123fIrfanView email plugin version 4.50 SEH unicode buffer overflow exploit.
7cb5e57b65ee11d382c98d41edbd12ab10f38857e49dfbaad8e91f57cd6a8da5IrfanView version 4.44 suffers from an overflow vulnerability.
733c379ee42e567d696579edf278a3b20d3e2978a16e590732cfd712a558e9a1IrfanView version 4.33 suffers from a code execution vulnerability in IMXCF.DLL.
0a1f142ba76135c7bcf860c32266bf1a855ad2cd191192fcf8ec2176558f0b9cIrfanView version 4.33 suffers from a RLE image decompression buffer overflow vulnerability. Proof of concept included.
c7280f0bbcb5f8e1f959afbe12d0a3869c8de4db879212848a1273b635432924IrfanView version 4.33 suffers from a TIF image decompression buffer overflow vulnerability. Proof of concept included.
72b8882cb0faee2b7373d6e6e4b71c5ed206922b7475df22542144a2d004de0dSecunia Security Advisory - A vulnerability has been discovered in IrfanView, which can be exploited by malicious people to compromise a user's system.
ecaab2e98606754f083cbeaf42919774e548699df825d9a5acb059002933a0bbThis Metasploit module exploits a stack-based buffer overflow vulnerability in versions 4.3.2.0 and below of Irfanview's JPEG2000.dll plugin. This exploit has been tested on a specific version of irfanview (v4.3.2), although other versions may work also. The vulnerability is triggered via parsing an invalid qcd chunk structure and specifying a malformed qcd size and data. Payload delivery and vulnerability trigger can be executed in multiple ways. The user can double click the file, use the file dialog, open via the icon and drag/drop the file into Irfanview\'s window. An egg hunter is used for stability.
c5cce711dbd4abe77f358a5360b9fd21367c38e3811ab24c191fb5a02cb79609IrfanView Formats PlugIn is prone to an overflow condition. The JLS Plugin (jpeg_ls.dll) library fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted JLS compressed image file, a context-dependent attacker could potentially execute arbitrary code. Proof of concept included. Irfanview Plugins version 4.33 is affected.
cd8bb7da17eb6fd5c44d2f4ceac57a18c44aca435eea690d9247652a97f176d8IrfanView version 4.33 suffers from a DJVU image processing heap overflow vulnerability. Proof of concept included.
e436390561dec51d8a5dee5ab9cec39964b18ee239173724fdeb63a1dfbb24c1Secunia Security Advisory - Francis Provencher has discovered a vulnerability in IrfanView Formats PlugIn, which can be exploited by malicious people to compromise a user's system.
4aab7b55fac10269055188d8782bedc1c5003b831ba88acae3d6e07377f19f37The Format plugin in IrfanView version 4.33 suffers from a TTF file parsing stack based overflow vulnerability. Proof of concept TTF file included.
ef722236a74014bdcead5b4e91a1c08b978a058a903f4d9df3043c15edb2afa7IrfanView version 4.33 suffers from a format plugin ECW decompression heap overflow vulnerability. Proof of concept included.
c43538eed93169fc8652f2b6ea9ae40400dd1b5be469cc38d6a0f59a42a293b4Secunia Security Advisory - Francis Provencher has discovered a vulnerability in IrfanView Formats PlugIn, which can be exploited by malicious people to compromise a user's system.
fa1c106f2e8e06a4b01e5865a823fe79486090346f4cc03cf23a11cec077c887Secunia Security Advisory - Francis Provencher has discovered a vulnerability in IrfanView Formats PlugIn, which can be exploited by malicious people to compromise a user's system.
ebea45f930875aa38ecb4607ce1c3ae21622343b3c11f6709af1ffd9e5fefe0eSecunia Security Advisory - Francis Provencher has discovered a vulnerability in the FlashPix PlugIn for IrfanView, which can be exploited by malicious people to compromise a user's system.
621d0dd4ee0bb7549e55417521a577ee845b46b52f0875ba7da3206428ea9969Secunia Security Advisory - Multiple vulnerabilities have been reported in IrfanView, which can be exploited by malicious people to compromise a user's system.
7882522a6b7e678051422106268225b9b71cb26c89f9aef09f874e4d1f268cabSecunia Security Advisory - Parvez Anwar has discovered a vulnerability in IrfanView PlugIns, which can be exploited by malicious people to compromise a user's system.
4be452173132d2488810a10d149c25ba71aa23cc5982353371097ae927f0a0c5A vulnerability in the IrfanView FlashPix plugin exists due to the "Free_All_Memory()" function not properly setting certain decoder elements to NULL after freeing them, which can be exploited to cause a double-free condition via specially crafted FPX images. Proof of concept exploit included.
fd583f5874fee2012eada88e8599ffeaa35b493c3a60e8084c24257dfd12afb7IrfanView suffers from a heap-based buffer overflow vulnerability when parsing malicious TIFF images. Proof of concept exploit included.
0d475986f882b8c441677da90e11f68d6d58c3d8306b9fea5575d224ba69b2d2Secunia Security Advisory - Francis Provencher has discovered a vulnerability in IrfanView, which can be exploited by malicious people to compromise a user's system.
c8127bbecbe094a401f09d85dea5ede276d9e3471d7a1f9f2107dc545bbe5685Secunia Security Advisory - Francis Provencher has discovered a vulnerability in the FlashPix PlugIn for IrfanView, which potentially can be exploited by malicious people to compromise a user's system.
3f5283717b2b01f47b0adf179b76ae23538ab43c693a17b9a318cd2bd61deb18IrfanView version 4.28 .ICO file without transparent colour denial of service exploit.
0b08bcd459993385237d031eb341a2acac82577acd468f0dcd6b9d813bb7154aIrfanView version 4.28 .ICO file with transparent colour denial of service exploit.
3a63a85f18060a1bd03245f0f21730729638010886e098858a173c8b21e84f9cMultiple denial of service exploits for IrfanView version 4.28.
45064f50eac6cfb52a766828005b803b64967167082a5952d82725008f6ee4f7
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed