KLA11205
Multiple vulnerabilities in IrfanView
Обновлено: 26/06/2019
Дата обнаружения
22/10/2017
Уровень угрозы
High
Описание

Multiple serious vulnerabilities have been found in IrfanView 4.50. Malicious users can exploit these vulnerabilities to cause a denial of service or execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. A buffer overflow vulnerability can be exploited locally via a specially crafted *.dds file to cause a denial of service;
  2. A buffer overflow vulnerability can be exploited locally via a specially crafted *.tif file to cause a denial of service;
  3. Multiple buffer overflow vulnerabilities can be exploited locally via a specially crafted *.dwg file to cause a denial of service or execute arbitrary code.
Пораженные продукты

IrfanView version 4.50

Решение

Update to the latest version
IrfanView – Official Homepage

Оказываемое влияние
?
ACE 
[?]

DoS 
[?]
Связанные продукты
IrfanView
CVE-IDS