Computer Security
[EN] securityvulns.ru no-pyccku


IrfanView buffer overflow
Published:13.05.2010
Source:
SecurityVulns ID:10832
Type:client
Threat Level:
5/10
Description:Buffer overflow and integer overflow on PSD parsing.
Affected:IRFANVIEW : IrfanView 4.25
CVE:CVE-2010-1510 (Heap-based buffer overflow in IrfanView before 4.27 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PSD image with RLE compression.)
 CVE-2010-1509 (IrfanView before 4.27 does not properly handle an unspecified integer variable during processing of PSD images, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow, related to a "sign-extension error.")
Original documentdocumentSECUNIA, Secunia Research: IrfanView PSD RLE Decompression Buffer Overflow (13.05.2010)
 documentSECUNIA, Secunia Research: IrfanView PSD Image Parsing Sign-Extension Vulnerability (13.05.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod