IrfanView < 4.37 Multiple Buffer Overflow Vulnerabilities

high Nessus Plugin ID 72395

Synopsis

A graphic viewer installed on the remote host is affected by multiple buffer overflow vulnerabilities.

Description

The remote Windows host contains a version of IrfanView prior to version 4.37. It is, therefore, reportedly affected by multiple buffer overflow vulnerabilities:

- A boundary error exists when handling the LZW code stream within GIF files that could lead to arbitrary code execution. (CVE-2013-5351)

- An error exists in the Thumbnail 'tooltips' feature when viewing a specially crafted file contained in a folder named using multi-byte characters in the Thumbnails window, such as when handling Japanese folder names. Exploitation of this issue could result in arbitrary code execution. (CVE-2013-6932)

Solution

Upgrade to IrfanView version 4.37 or later.

See Also

https://www.irfanview.com/main_history.htm

https://secuniaresearch.flexerasoftware.com/secunia_research/2013-13/

http://jvn.jp/en/jp/JVN63194482/index.html

Plugin Details

Severity: High

ID: 72395

File Name: irfanview_437.nasl

Version: 1.4

Type: local

Agent: windows

Family: Windows

Published: 2/7/2014

Updated: 11/26/2019

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.6

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2013-6932

Vulnerability Information

CPE: cpe:/a:irfanview:irfanview

Required KB Items: SMB/IrfanView/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 12/16/2013

Vulnerability Publication Date: 12/17/2013

Reference Information

CVE: CVE-2013-5351, CVE-2013-6932

BID: 64388, 64561