KLA11064
Multiple vulnerabilities in IrfanView
Updated: 03/29/2019
Detection date: 10/11/2017
Severity: High
Description

Multiple serious vulnerabilities have been found in IrfanView 4.44. Malicious users can exploit these vulnerabilities to cause a denial of service or execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. An integer overflow vulnerability in the JPEG 2000 parser can be exploited remotely via a specially designed JPEG 2000 image to execute arbitrary code;
  2. Multiple buffer overflow vulnerabilities can be exploited locally via specially designed *.rle files to cause a denial of service or execute arbitrary code;
  3. Multiple buffer overflow vulnerabilities in IrfanView 4.44 with FPX Plugin 4.47 can be exploited locally via specially designed *.fpx files to cause a denial of service or execute arbitrary code;
  4. A buffer overflow vulnerability related to the „Data from Faulting Address controls Branch Selection starting at USER32!wvsprintfA+0x00000000000002f3.“ issue can be exploited locally via a specially designed file to execute arbitrary code;
  5. A buffer overflow vulnerability in IrfanView 4.44 with FPX Plugin 4.45 can be exploited locally via specially designed *.fpx files to cause a denial of service or execute arbitrary code;
  6. A buffer overflow vulnerability can be exploited locally via specially designed *.mov files to execute arbitrary code;
  7. Multiple buffer overflow vulnerabilities in IrfanView 4.44 with FPX Plugin 4.46 can be exploited locally via specially designed *.fpx files to cause a denial of service or execute arbitrary code;
  8. A buffer overflow vulnerability in IrfanView 4.44 with FPX Plugin 4.46 can be exploited locally via specially designed *.fpx files to cause a denial of service or execute arbitrary code;
  9. Multiple buffer overflow vulnerabilities in IrfanView 4.44 with TOOLS Plugin 4.50 can be exploited locally via specially designed files to cause a denial of service or execute arbitrary code;
  10. Multiple buffer overflow vulnerabilities can be exploited locally via a specially designed *.svg file to cause a denial of service;
  11. A buffer overflow vulnerability can be exploited locally via a specially designed *.ani file to cause a denial of service;
  12. A buffer overflow vulnerability can be exploited locally via a specially designed *.djvu file to cause a denial of service;
  13. Multiple buffer overflow vulnerabilities can be exploited locally via a specially designed *.pdf file to cause a denial of service and execute arbitrary code;
  14. A buffer overflow vulnerability can be exploited locally via a specially designed *.tif file to cause a denial of service.

Technical details

Vulnerability (1) occurs when an image is viewed in IrfanView or when its thumbnailing feature is used.

Vulnerabilities (2) are related to:

  1. „User Mode Write AV starting at ntdll_77df0000!RtlpWaitOnCriticalSection+0x0000000000000121.“
  2. „User Mode Write AV starting at FORMATS!GetPlugInInfo+0x0000000000007d96.“
  3. „User Mode Write AV starting at FORMATS!GetPlugInInfo+0x0000000000007d80.“
  4. „Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpAllocateHeap+0x0000000000000429.“
  5. „Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpEnterCriticalSectionContended+0x0000000000000031.“
  6. „Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpEnterCriticalSectionContended+0x0000000000000031.“
  7. „Invalid Handle starting at wow64!Wow64NotifyDebugger+0x000000000000001d.“
  8. „Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpFreeHeap+0x00000000000003ca.“

Vulnerabilities (3) are related to:

„User Mode Write AV starting at FPX!FPX_GetScanDevicePropertyGroup+0x000000000000a529.“
„Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at FPX!FPX_GetScanDevicePropertyGroup+0x000000000000b3ae.“
„Read Access Violation starting at wow64!Wow64NotifyDebugger+0x000000000000001d.“
„User Mode Write AV starting at FPX!FPX_GetScanDevicePropertyGroup+0x000000000000a529.“
„Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at FPX!FPX_GetScanDevicePropertyGroup+0x000000000000b3ae.“
„Read Access Violation starting at wow64!Wow64NotifyDebugger+0x000000000000001d.“

Vulnerability (6) exists because of a User Mode Write AV near NULL.

Vulnerabilities (7) are related to:

„User Mode Write AV starting at FPX!FPX_GetScanDevicePropertyGroup+0x0000000000000f53.“
„User Mode Write AV starting at FPX+0x000000000000176c.“
„User Mode Write AV starting at FPX+0x0000000000001555.“
„User Mode Write AV starting at FPX!DE_Decode+0x0000000000000a9b.“
„User Mode Write AV starting at FPX!GetPlugInInfo+0x0000000000017426.“
„User Mode Write AV starting at FPX!GetPlugInInfo+0x0000000000016e53.“
„Read Access Violation on Control Flow starting at FPX!FPX_GetScanDevicePropertyGroup+0x00000000000014eb.“
„Read Access Violation on Control Flow starting at FPX!GetPlugInInfo+0x0000000000012bf2.“
„User Mode Write AV starting at FPX!FPX_GetScanDevicePropertyGroup+0x0000000000007822.“
„User Mode Write AV starting at FPX!DE_Decode+0x0000000000000cdb.“
„Data from Faulting Address controls Code Flow starting at FPX!FPX_GetScanDevicePropertyGroup+0x000000000000c995.“
„Data from Faulting Address controls Code Flow starting at FPX!FPX_GetScanDevicePropertyGroup+0x000000000000c998.“
„Read Access Violation on Control Flow starting at FPX!FPX_GetScanDevicePropertyGroup+0x000000000000c99a.“
„Data from Faulting Address controls subsequent Write Address starting at FPX!FPX_GetScanDevicePropertyGroup+0x000000000000a525.“
„Data from Faulting Address controls Code Flow starting at FPX+0x0000000000007236.“
„Data from Faulting Address controls Code Flow starting at FPX!FPX_GetScanDevicePropertyGroup+0x00000000000014e7.“
„Read Access Violation on Block Data Move starting at FPX!FPX_GetScanDevicePropertyGroup+0x000000000000b84f.“
„Data from Faulting Address controls Code Flow starting at FPX+0x0000000000007216.“
„Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpCoalesceFreeBlocks+0x00000000000001b6.“
„Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at FPX!FPX_GetScanDevicePropertyGroup+0x0000000000006a98.“
„Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpLowFragHeapFree+0x000000000000001f.“
„Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at FPX+0x000000000000688d.“
„Data from Faulting Address controls Branch Selection starting at FPX!FPX_GetScanDevicePropertyGroup+0x00000000000031a0.“
„Read Access Violation starting at FPX!FPX_GetScanDevicePropertyGroup+0x0000000000003714.“
„Read Access Violation starting at FPX+0x000000000000153a.“
„Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at FPX!FPX_GetScanDevicePropertyGroup+0x0000000000007053.“
„Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpFreeHeap+0x0000000000000393.“

Vulnerabilities (9) are related to:

„Read Access Violation on Block Data Move starting at ntdll_77df0000!memcpy+0x0000000000000033.“
„Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlFreeHandle+0x00000000000001b6.“
„Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at ntdll_77df0000!RtlFreeHandle+0x0000000000000218.“
„Data from Faulting Address controls Branch Selection starting at KERNELBASE!QueryOptionalDelayLoadedAPI+0x0000000000000c42.“
„Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpResCompareResourceNames+0x0000000000000087.“
„Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpResSearchResourceInsideDirectory+0x000000000000029e.“
„Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpResGetMappingSize+0x00000000000003cc.“
„Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpCompareResourceNames_U+0x0000000000000062.“

Vulnerabilities (10) are related to:

„Data from Faulting Address controls Branch Selection starting at image00000000_00400000+0x000000000011d767.“
„Data from Faulting Address controls Branch Selection starting at CADIMAGE+0x000000000001f23e.“

Vulnerability (11) is related to „Data from Faulting Address controls Branch Selection starting at ntdll_77130000!RtlpCoalesceFreeBlocks+0x00000000000004b4.“

Vulnerability (12) is related to „Data from Faulting Address controls Branch Selection starting at DJVU!GetPlugInInfo+0x000000000001c613.“

Vulnerabilities 10-12 affect only the 32-bit version of IrfanView.

Vulnerability (13) is related to:

„Data from Faulting Address controls Code Flow starting at PDF!xmlParserInputRead+0x000000000009174a.“
„Read Access Violation starting at PDF!xmlParserInputRead+0x0000000000161a9c.“
„Data from Faulting Address controls Branch Selection starting at PDF!xmlParserInputRead+0x000000000011624a.“
„Data from Faulting Address may be used as a return value starting at PDF!xmlParserInputRead+0x0000000000129a59.“
„Possible Stack Corruption starting at PDF!xmlGetGlobalState+0x0000000000057b35.“
„Data from Faulting Address controls Code Flow starting at PDF!xmlParserInputRead+0x0000000000048d0c.“
„Data from Faulting Address controls Branch Selection starting at PDF!xmlListWalk+0x00000000000166c4.“

Vulnerability (14) is related to:

„Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at image00000000_00400000+0x00000000000236e4.“

NB: Not every vulnerability has a CVSS rating yet, so the cumulative CVSS rating may not be representative.

Affected products

IrfanView version 4.44

Solution

Update to the latest version
IrfanView – Official Homepage

Original advisories

IrfanView PlugIns

Impacts
ACE
DoS
CVE IDs
CVE ID          CVSS  Severity
CVE-2017-15239  6.8   High
CVE-2017-15240  6.8   High
CVE-2017-15241  6.8   High
CVE-2017-15242  6.8   High
CVE-2017-15243  6.8   High
CVE-2017-15244  6.8   High
CVE-2017-15245  6.8   High
CVE-2017-15246  6.8   High
CVE-2017-15247  6.8   High
CVE-2017-15248  6.8   High
CVE-2017-15249  6.8   High
CVE-2017-15250  6.8   High
CVE-2017-15251  6.8   High
CVE-2017-15252  6.8   High
CVE-2017-15253  6.8   High
CVE-2017-15254  6.8   High
CVE-2017-15255  6.8   High
CVE-2017-15256  6.8   High
CVE-2017-15257  6.8   High
CVE-2017-15258  6.8   High
CVE-2017-15259  6.8   High
CVE-2017-15260  6.8   High
CVE-2017-15261  6.8   High
CVE-2017-15262  6.8   High
CVE-2017-15263  6.8   High
CVE-2017-15264  6.8   High
CVE-2017-10924  6.8   High
CVE-2017-14693  4.6   High
CVE-2017-10926  6.8   High
CVE-2017-14578  4.6   High
CVE-2017-8369   6.8   High
CVE-2017-8370   6.8   High
CVE-2017-8766   6.8   High
CVE-2017-9534   6.8   High
CVE-2017-9528   6.8   High
CVE-2017-9530   4.4   High
CVE-2017-9531   6.8   High
CVE-2017-9532   6.8   High
CVE-2017-9533   6.8   High
CVE-2017-2813   6.8   High
CVE-2017-9535   6.8   High
CVE-2017-9536   6.8   High
CVE-2017-9873   6.8   High
CVE-2017-9874   6.8   High
CVE-2017-9875   6.8   High
CVE-2017-9876   6.8   High
CVE-2017-9877   6.8   High
CVE-2017-9878   6.8   High
CVE-2017-9879   6.8   High
CVE-2017-9880   6.8   High
CVE-2017-9881   6.8   High
CVE-2017-9882   6.8   High
CVE-2017-9883   6.8   High
CVE-2017-9884   6.8   High
CVE-2017-9885   6.8   High
CVE-2017-9886   6.8   High
CVE-2017-9887   6.8   High
CVE-2017-9888   6.8   High
CVE-2017-9889   6.8   High
CVE-2017-9890   6.8   High
CVE-2017-9891   6.8   High
CVE-2017-9892   6.8   High
CVE-2017-14539  4.6   High
CVE-2017-14540  4.6   High
CVE-2017-10729  6.8   High
CVE-2017-10730  6.8   High
CVE-2017-10731  6.8   High
CVE-2017-10732  6.8   High
CVE-2017-10733  6.8   High
CVE-2017-10734  6.8   High
CVE-2017-10735  6.8   High
CVE-2017-10925  6.8   High
CVE-2017-9915   6.8   High
CVE-2017-9916   4.6   High
CVE-2017-9917   4.4   High
CVE-2017-9918   4.4   High
CVE-2017-9919   4.4   High
CVE-2017-9920   4.4   High
CVE-2017-9921   4.4   High
CVE-2017-9922   4.4   High
