IrfanView JLS Plugin JLS Compressed Image File Handling Overflow
High Nessus Plugin ID 60037
SynopsisThe remote host has an application installed that is affected by a heap-based buffer overflow vulnerability.
DescriptionThe version of the IrfanView JLS plugin (Jpeg_LS.dll) library is earlier than 0.6.4.1. As such, it reportedly is affected by a heap- based buffer overflow caused by insufficient validation when processing compressed JLS images. An attacker could exploit this vulnerability to execute arbitrary code by tricking a user into opening a specially crafted JLS file.
SolutionUpgrade the JLS plugin to version 0.6.4.1 or later.