IrfanView JPEG-2000 Plugin Remote Stack-based Buffer Overflow

Medium Nessus Plugin ID 59846


The remote host has an application installed that is affected by a stack-based buffer overflow vulnerability.


The version of the IrfanView JPEG-2000 plugin (JPEG2000.dll) was found to be less than 4.33. Such versions are affected by a stack-based buffer overflow vulnerability that can be triggered by tricking users into opening a .JP2 file with a specially crafted Quantization Default section. Successful exploitation may allow arbitrary code to be executed on the affected host subject to the privileges of the user.


Upgrade the JPEG-2000 plugin to version (4.33) or higher.

See Also

Plugin Details

Severity: Medium

ID: 59846

File Name: irfanview_jpeg2000_stack_overflow.nasl

Version: $Revision: 1.10 $

Type: local

Agent: windows

Family: Windows

Published: 2012/07/05

Modified: 2016/11/23

Dependencies: 57559

Risk Information

Risk Factor: Medium


Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:irfanview:irfanview

Required KB Items: SMB/IrfanView/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2012/03/28

Vulnerability Publication Date: 2012/01/16

Exploitable With

Core Impact

Metasploit (Irfanview JPEG2000 jp2 Stack Buffer Overflow)

Reference Information

CVE: CVE-2012-0897

BID: 51426

OSVDB: 78333