IrfanView DjVu Plugin DjVu Image File Decompression Overflow
Severity: High
Nessus Plugin ID: 60036
Synopsis
The remote host has an application installed that is affected by a heap-based buffer overflow vulnerability.

Description
The version of the IrfanView DjVu plugin (DjVu.dll) was found to be less than 4.34. As such, it is reportedly affected by a heap-based buffer overflow vulnerability that can be triggered by tricking users into opening a .djvu file with a specially crafted DjVu image that is not properly handled during decompression. Successful exploitation may allow arbitrary code to be executed on the affected host.

Solution
Upgrade the DjVu plugin to version 18.104.22.168 (4.34) or later.