IrfanView MrSID Plugin < 4.37 Multiple Buffer Overflows
High Nessus Plugin ID 72394
Synopsis
An application on the remote host is affected by multiple buffer overflow vulnerabilities.
Description
The version of the IrfanView MrSID plugin (MrSID.dll) installed on the remote Windows host is prior to 4.37. It is, therefore, affected by multiple buffer overflow vulnerabilities:
- A stack-based buffer overflow exists due to improper validation of the 'IMAGE' tag. (CVE-2013-3944)
- A heap-based buffer overflow exists due to improper validation of the 'nband' tag. (CVE-2013-3945)
- An integer overflow exists due to improper validation of the 'levels' header, which could lead to a heap-based buffer overflow. (CVE-2013-3946)
An attacker can exploit these issues by sending a specially crafted SID file, which could result in a denial of service or arbitrary code execution.
Solution
Upgrade the MrSID plugin to version 126.96.36.199 (4.37) or later.