Description
Multiple serious vulnerabilities have been found in IrfanView 4.44. Malicious users can exploit these vulnerabilities to cause a denial of service or execute arbitrary code.
Below is a complete list of vulnerabilities:
1. An integer overflow vulnerability in the JPEG 2000 parser can be exploited remotely via a specially designed JPEG 2000 image to execute arbitrary code;
2. Multiple buffer overflow vulnerabilities can be exploited locally via specially designed *.rle files to cause a denial of service or execute arbitrary code;
3. Multiple buffer overflow vulnerabilities in IrfanView 4.44 with FPX Plugin 4.47 can be exploited locally via specially designed *.fpx files to cause a denial of service or execute arbitrary code;
4. A buffer overflow vulnerability related to the „Data from Faulting Address controls Branch Selection starting at USER32!wvsprintfA+0x00000000000002f3.“ issue can be exploited locally via a specially designed file to execute arbitrary code;
5. A buffer overflow vulnerability in IrfanView 4.44 with FPX Plugin 4.45 can be exploited locally via specially designed *.fpx files to cause a denial of service or execute arbitrary code;
6. A buffer overflow vulnerability can be exploited locally via specially designed *.mov files to execute arbitrary code;
7. Multiple buffer overflow vulnerabilities in IrfanView 4.44 with FPX Plugin 4.46 can be exploited locally via specially designed *.fpx files to cause a denial of service or execute arbitrary code;
8. A buffer overflow vulnerability in IrfanView 4.44 with FPX Plugin 4.46 can be exploited locally via specially designed *.fpx files to cause a denial of service or execute arbitrary code;
9. Multiple buffer overflow vulnerabilities in IrfanView 4.44 with TOOLS Plugin 4.50 can be exploited locally via specially designed files to cause a denial of service or execute arbitrary code;
10. Multiple buffer overflow vulnerabilities can be exploited locally via a specially designed *.svg file to cause a denial of service;
11. A buffer overflow vulnerability can be exploited locally via a specially designed *.ani file to cause a denial of service;
12. A buffer overflow vulnerability can be exploited locally via a specially designed *.djvu file to cause a denial of service;
13. Multiple buffer overflow vulnerabilities can be exploited locally via a specially designed *.pdf file to cause a denial of service and execute arbitrary code;
14. A buffer overflow vulnerability can be exploited locally via a specially designed *.tif file to cause a denial of service.
Technical details
Vulnerability (1) occurs while viewing an image in IrfanView or when using its thumbnailing feature.
Vulnerabilities (2) are related to:
- „User Mode Write AV starting at ntdll_77df0000!RtlpWaitOnCriticalSection+0x0000000000000121.“
- „User Mode Write AV starting at FORMATS!GetPlugInInfo+0x0000000000007d96.“
- „User Mode Write AV starting at FORMATS!GetPlugInInfo+0x0000000000007d80.“
- „Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpAllocateHeap+0x0000000000000429.“
- „Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpEnterCriticalSectionContended+0x0000000000000031.“
- „Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpEnterCriticalSectionContended+0x0000000000000031.“
- „Invalid Handle starting at wow64!Wow64NotifyDebugger+0x000000000000001d.“
- „Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpFreeHeap+0x00000000000003ca.“
Vulnerabilities (3) are related to:
„User Mode Write AV starting at FPX!FPX_GetScanDevicePropertyGroup+0x000000000000a529.“
„Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at FPX!FPX_GetScanDevicePropertyGroup+0x000000000000b3ae.“
„Read Access Violation starting at wow64!Wow64NotifyDebugger+0x000000000000001d.“
„User Mode Write AV starting at FPX!FPX_GetScanDevicePropertyGroup+0x000000000000a529.“
„Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at FPX!FPX_GetScanDevicePropertyGroup+0x000000000000b3ae.“
„Read Access Violation starting at wow64!Wow64NotifyDebugger+0x000000000000001d.“
Vulnerability (6) exists because of a User Mode Write AV near NULL.
Vulnerabilities (7) are related to:
„User Mode Write AV starting at FPX!FPX_GetScanDevicePropertyGroup+0x0000000000000f53.“
„User Mode Write AV starting at FPX+0x000000000000176c.“
„User Mode Write AV starting at FPX+0x0000000000001555.“
„User Mode Write AV starting at FPX!DE_Decode+0x0000000000000a9b.“
„User Mode Write AV starting at FPX!GetPlugInInfo+0x0000000000017426.“
„User Mode Write AV starting at FPX!GetPlugInInfo+0x0000000000016e53.“
„Read Access Violation on Control Flow starting at FPX!FPX_GetScanDevicePropertyGroup+0x00000000000014eb.“
„Read Access Violation on Control Flow starting at FPX!GetPlugInInfo+0x0000000000012bf2.“
„User Mode Write AV starting at FPX!FPX_GetScanDevicePropertyGroup+0x0000000000007822.“
„User Mode Write AV starting at FPX!DE_Decode+0x0000000000000cdb.“
„Data from Faulting Address controls Code Flow starting at FPX!FPX_GetScanDevicePropertyGroup+0x000000000000c995.“
„Data from Faulting Address controls Code Flow starting at FPX!FPX_GetScanDevicePropertyGroup+0x000000000000c998.“
„Read Access Violation on Control Flow starting at FPX!FPX_GetScanDevicePropertyGroup+0x000000000000c99a.“
„Data from Faulting Address controls subsequent Write Address starting at FPX!FPX_GetScanDevicePropertyGroup+0x000000000000a525.“
„Data from Faulting Address controls Code Flow starting at FPX+0x0000000000007236.“
„Data from Faulting Address controls Code Flow starting at FPX!FPX_GetScanDevicePropertyGroup+0x00000000000014e7.“
„Read Access Violation on Block Data Move starting at FPX!FPX_GetScanDevicePropertyGroup+0x000000000000b84f.“
„Data from Faulting Address controls Code Flow starting at FPX+0x0000000000007216.“
„Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpCoalesceFreeBlocks+0x00000000000001b6.“
„Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at FPX!FPX_GetScanDevicePropertyGroup+0x0000000000006a98.“
„Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpLowFragHeapFree+0x000000000000001f.“
„Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at FPX+0x000000000000688d.“
„Data from Faulting Address controls Branch Selection starting at FPX!FPX_GetScanDevicePropertyGroup+0x00000000000031a0.“
„Read Access Violation starting at FPX!FPX_GetScanDevicePropertyGroup+0x0000000000003714.“
„Read Access Violation starting at FPX+0x000000000000153a.“
„Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at FPX!FPX_GetScanDevicePropertyGroup+0x0000000000007053.“
„Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpFreeHeap+0x0000000000000393.“
Vulnerabilities (9) are related to:
„Read Access Violation on Block Data Move starting at ntdll_77df0000!memcpy+0x0000000000000033.“
„Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlFreeHandle+0x00000000000001b6.“
„Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at ntdll_77df0000!RtlFreeHandle+0x0000000000000218.“
„Data from Faulting Address controls Branch Selection starting at KERNELBASE!QueryOptionalDelayLoadedAPI+0x0000000000000c42.“
„Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpResCompareResourceNames+0x0000000000000087.“
„Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpResSearchResourceInsideDirectory+0x000000000000029e.“
„Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpResGetMappingSize+0x00000000000003cc.“
„Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpCompareResourceNames_U+0x0000000000000062.“
Vulnerabilities (10) are related to:
„Data from Faulting Address controls Branch Selection starting at image00000000_00400000+0x000000000011d767.“
„Data from Faulting Address controls Branch Selection starting at CADIMAGE+0x000000000001f23e.“
Vulnerability (11) is related to „Data from Faulting Address controls Branch Selection starting at ntdll_77130000!RtlpCoalesceFreeBlocks+0x00000000000004b4.“
Vulnerability (12) is related to „Data from Faulting Address controls Branch Selection starting at DJVU!GetPlugInInfo+0x000000000001c613.“
Vulnerabilities 10-12 affect only the 32-bit version of IrfanView.
Vulnerability (13) is related to:
„Data from Faulting Address controls Code Flow starting at PDF!xmlParserInputRead+0x000000000009174a.“
„Read Access Violation starting at PDF!xmlParserInputRead+0x0000000000161a9c.“
„Data from Faulting Address controls Branch Selection starting at PDF!xmlParserInputRead+0x000000000011624a.“
„Data from Faulting Address may be used as a return value starting at PDF!xmlParserInputRead+0x0000000000129a59.“
„Possible Stack Corruption starting at PDF!xmlGetGlobalState+0x0000000000057b35.“
„Data from Faulting Address controls Code Flow starting at PDF!xmlParserInputRead+0x0000000000048d0c.“
„Data from Faulting Address controls Branch Selection starting at PDF!xmlListWalk+0x00000000000166c4.“
Vulnerability (14) is related to:
„Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at image00000000_00400000+0x00000000000236e4.“
NB: Not every vulnerability has a CVSS rating yet, so the cumulative CVSS rating may not be representative.
Original advisories
CVE list
- CVE-2017-15239 high
- CVE-2017-15240 high
- CVE-2017-15241 high
- CVE-2017-15242 high
- CVE-2017-15243 high
- CVE-2017-15244 high
- CVE-2017-15245 high
- CVE-2017-15246 high
- CVE-2017-15247 high
- CVE-2017-15248 high
- CVE-2017-15249 high
- CVE-2017-15250 high
- CVE-2017-15251 high
- CVE-2017-15252 high
- CVE-2017-15253 high
- CVE-2017-15254 high
- CVE-2017-15255 high
- CVE-2017-15256 high
- CVE-2017-15257 high
- CVE-2017-15258 high
- CVE-2017-15259 high
- CVE-2017-15260 high
- CVE-2017-15261 high
- CVE-2017-15262 high
- CVE-2017-15263 high
- CVE-2017-15264 high
- CVE-2017-10924 high
- CVE-2017-14693 high
- CVE-2017-10926 high
- CVE-2017-14578 high
- CVE-2017-8369 high
- CVE-2017-8370 high
- CVE-2017-8766 high
- CVE-2017-9534 high
- CVE-2017-9528 high
- CVE-2017-9530 high
- CVE-2017-9531 high
- CVE-2017-9532 high
- CVE-2017-9533 high
- CVE-2017-2813 high
- CVE-2017-9535 high
- CVE-2017-9536 high
- CVE-2017-9873 high
- CVE-2017-9874 high
- CVE-2017-9875 high
- CVE-2017-9876 high
- CVE-2017-9877 high
- CVE-2017-9878 high
- CVE-2017-9879 high
- CVE-2017-9880 high
- CVE-2017-9881 high
- CVE-2017-9882 high
- CVE-2017-9883 high
- CVE-2017-9884 high
- CVE-2017-9885 high
- CVE-2017-9886 high
- CVE-2017-9887 high
- CVE-2017-9888 high
- CVE-2017-9889 high
- CVE-2017-9890 high
- CVE-2017-9891 high
- CVE-2017-9892 high
- CVE-2017-14539 high
- CVE-2017-14540 high
- CVE-2017-10729 high
- CVE-2017-10730 high
- CVE-2017-10731 high
- CVE-2017-10732 high
- CVE-2017-10733 high
- CVE-2017-10734 high
- CVE-2017-10735 high
- CVE-2017-10925 high
- CVE-2017-9915 high
- CVE-2017-9916 high
- CVE-2017-9917 high
- CVE-2017-9918 high
- CVE-2017-9919 high
- CVE-2017-9920 high
- CVE-2017-9921 high
- CVE-2017-9922 high