Computer Security

IrfanView buffer overflow
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



IrfanView buffer overflow
Published:13.05.2010
Source:BUGTRAQ
SecurityVulns ID:10832
Type:client
Level:5/10
Description:Buffer overflow and integer overflow on PSD parsing.
Affected:IRFANVIEW : IrfanView 4.25
CVE:CVE-2010-1510 (Heap-based buffer overflow in IrfanView before 4.27 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PSD image with RLE compression.)
 CVE-2010-1509 (IrfanView before 4.27 does not properly handle an unspecified integer variable during processing of PSD images, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow, related to a "sign-extension error.")
Original documentdocumentSECUNIA, Secunia Research: IrfanView PSD RLE Decompression Buffer Overflow (13.05.2010)
 documentSECUNIA, Secunia Research: IrfanView PSD Image Parsing Sign-Extension Vulnerability (13.05.2010)
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru