In association with heise online

17 October 2007, 09:10

Palette overflow in Irfanview image viewer


Stefan Cornelius of Secunia Research has discovered a flaw in Irfanview, a popular freeware image viewer, which could cause a buffer overflow. Attackers using specially crafted files containing color palettes (.pal) could inject and execute arbitrary code.

Versions 3.99 and 4.0 are affected. Upon being informed of the flaw by the security service provider, the vendor remedied the problem in version 4.10, which also contains a number of additional bug fixes and extensions.

(mba)

Permalink: http://h-online.com/-733798
 

