IrfanView < 4.36 Multiple Vulnerabilities

This script is Copyright (C) 2013 Tenable Network Security, Inc.

Synopsis :

A graphic viewer installed on the remote host is affected by multiple

Description :

The remote Windows host contains a version of IrfanView prior to
version 4.36. It is, therefore, reportedly affected by multiple
vulnerabilities :

- A heap-based buffer overflow vulnerability exists when
parsing ANI images. An attacker can exploit this issue
with a specially crafted ANI file, potentially leading
to arbitrary code execution.

- A flaw exists where DCX file headers are not properly
sanitized, which could potentially lead to a denial of

- An integer overflow vulnerability exists in the FlashPix
Plugin (Fpx.dll) when handling sections of Summary
Information Property sets, which could lead to arbitrary
code execution.

See also :

Solution :

Upgrade to IrfanView version 4.36 or later.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.7
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 68888

Bugtraq ID: 61000

CVE ID: CVE-2013-3486
