Buffer overflow : IrfanView Buffer Overflow Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.801338

Categoría: Buffer overflow

Título: IrfanView Buffer Overflow Vulnerabilities

Resumen: IrfanView is prone to buffer overflow vulnerabilities.

Descripción: Summary:
IrfanView is prone to buffer overflow vulnerabilities.

Vulnerability Insight:
The flaws are due to:

- A sign extension error when parsing certain 'PSD' images

- A boundary error when processing certain 'RLE' compressed 'PSD' images.

These can be exploited to cause a heap-based buffer overflow by tricking a
user into opening a specially crafted PSD file.

Vulnerability Impact:
Successful exploitation will allow attacker to allow execution of arbitrary
code or to compromise a user's system.

Affected Software/OS:
IrfanView version prior to 4.27

Solution:
Upgrade to version 4.27 or later.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-1510
BugTraq ID: 40105
http://www.securityfocus.com/bid/40105
Bugtraq: 20100512 Secunia Research: IrfanView PSD RLE Decompression Buffer Overflow (Google Search)
http://www.securityfocus.com/archive/1/511275/100/0/threaded
http://secunia.com/secunia_research/2010-42
http://osvdb.org/64628
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7397
http://secunia.com/advisories/39036
XForce ISS Database: irfanview-rle-psd-bo(58549)
https://exchange.xforce.ibmcloud.com/vulnerabilities/58549
Common Vulnerability Exposure (CVE) ID: CVE-2010-1509
BugTraq ID: 40104
http://www.securityfocus.com/bid/40104
Bugtraq: 20100512 Secunia Research: IrfanView PSD Image Parsing Sign-Extension Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/511274/100/0/threaded
http://secunia.com/secunia_research/2010-41
http://osvdb.org/64627
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6705
XForce ISS Database: irfanview-psd-bo(58548)
https://exchange.xforce.ibmcloud.com/vulnerabilities/58548

Copyright Copyright (C) 2010 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.801338
Categoría:	Buffer overflow
Título:	IrfanView Buffer Overflow Vulnerabilities
Resumen:	IrfanView is prone to buffer overflow vulnerabilities.
Descripción:	Summary: IrfanView is prone to buffer overflow vulnerabilities. Vulnerability Insight: The flaws are due to: - A sign extension error when parsing certain 'PSD' images - A boundary error when processing certain 'RLE' compressed 'PSD' images. These can be exploited to cause a heap-based buffer overflow by tricking a user into opening a specially crafted PSD file. Vulnerability Impact: Successful exploitation will allow attacker to allow execution of arbitrary code or to compromise a user's system. Affected Software/OS: IrfanView version prior to 4.27 Solution: Upgrade to version 4.27 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-1510 BugTraq ID: 40105 http://www.securityfocus.com/bid/40105 Bugtraq: 20100512 Secunia Research: IrfanView PSD RLE Decompression Buffer Overflow (Google Search) http://www.securityfocus.com/archive/1/511275/100/0/threaded http://secunia.com/secunia_research/2010-42 http://osvdb.org/64628 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7397 http://secunia.com/advisories/39036 XForce ISS Database: irfanview-rle-psd-bo(58549) https://exchange.xforce.ibmcloud.com/vulnerabilities/58549 Common Vulnerability Exposure (CVE) ID: CVE-2010-1509 BugTraq ID: 40104 http://www.securityfocus.com/bid/40104 Bugtraq: 20100512 Secunia Research: IrfanView PSD Image Parsing Sign-Extension Vulnerability (Google Search) http://www.securityfocus.com/archive/1/511274/100/0/threaded http://secunia.com/secunia_research/2010-41 http://osvdb.org/64627 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6705 XForce ISS Database: irfanview-psd-bo(58548) https://exchange.xforce.ibmcloud.com/vulnerabilities/58548
Copyright	Copyright (C) 2010 Greenbone AG