Palette overflow in Irfanview image viewer
Stefan Cornelius of Secunia Research has discovered a flaw in Irfanview, a popular freeware image viewer, which could cause a buffer overflow. Attackers using specially crafted files containing color palettes (.pal) could inject and execute arbitrary code.
Versions 3.99 and 4.0 are affected. Upon being informed of the flaw by the security service provider, the vendor remedied the problem in version 4.10, which also contains a number of additional bug fixes and extensions.
- IrfanView Palette File Importing Buffer Overflow Vulnerability, Secunia's security advisory
(mba)