IrfanView < 4.37 Multiple Buffer Overflow Vulnerabilities
High Nessus Plugin ID 72395
SynopsisA graphic viewer installed on the remote host is affected by multiple buffer overflow vulnerabilities.
DescriptionThe remote Windows host contains a version of IrfanView prior to version 4.37. It is, therefore, reportedly affected by multiple buffer overflow vulnerabilities :
- A boundary error exists when handling the LZW code stream within GIF files that could lead to arbitrary code execution. (CVE-2013-5351)
- An error exists in the Thumbnail 'tooltips' feature when viewing a specially crafted file contained in a folder named using multi-byte characters in the Thumbnails window, such as when handling Japanese folder names.
Exploitation of this issue could result in arbitrary code execution. (CVE-2013-6932)
SolutionUpgrade to IrfanView version 4.37 or later.