IrfanView Formats Plugin ECW Plugin File Handling Buffer Overflow Vulnerability
High Nessus Plugin ID 59849
Synopsis: The remote host has an application installed that is affected by a heap-based buffer overflow vulnerability.
Description: The version of the IrfanView Formats ECW plugin (NCSEcw.dll) was found to be less than 4.34. Such versions are affected by a heap-based buffer overflow caused by insufficient validation when decompressing ECW images. An attacker could exploit this vulnerability to execute arbitrary code by tricking a user into opening a specially crafted .ecw file.
Solution: Upgrade the Formats ECW plugin to version 184.108.40.2060 (4.34) or higher.