IrfanView JPEG-2000 Plugin Remote Stack-based Buffer Overflow
Medium Nessus Plugin ID 59846
SynopsisThe remote host has an application installed that is affected by a stack-based buffer overflow vulnerability.
DescriptionThe version of the IrfanView JPEG-2000 plugin (JPEG2000.dll) was found to be less than 4.33. Such versions are affected by a stack-based buffer overflow vulnerability that can be triggered by tricking users into opening a .JP2 file with a specially crafted Quantization Default section. Successful exploitation may allow arbitrary code to be executed on the affected host subject to the privileges of the user.
SolutionUpgrade the JPEG-2000 plugin to version 18.104.22.168 (4.33) or higher.