| Secunia | IrfanView FlashPix PlugIn Image Decompression Buffer Overflow |
|---|---|

16th Apr, 2012 14:32

Ranking: 0 Posts: 0 User Since: - System Score: - Location: Copenhagen, DK

Francis Provencher has discovered a vulnerability in the FlashPix PlugIn for IrfanView, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to insufficient validation when decompressing FlashPix images and can be exploited to cause a heap-based buffer overflow via a specially crafted FPX file. Successful exploitation may allow execution of arbitrary code. The vulnerability is confirmed in version 4.3.2.0. Other versions may also be affected.

| djjjhn | RE: IrfanView FlashPix PlugIn Image Decompression Buffer Overflow |

16th Apr, 2012 14:32

Score: 0 Posts: 3 User Since: 16th Apr 2012 System Score: N/A Location: CA Last edited on 16th Apr, 2012 14:32

You state that the solution for this is to update to v4.3.4...and yet no such version exists yet on the Secunia site??

| ddmarshall | RE: IrfanView FlashPix PlugIn Image Decompression Buffer Overflow |

16th Apr, 2012 17:40

Score: 1126 Posts: 910 User Since: 8th Nov 2008 System Score: 100% Location: UK Last edited on 16th Apr, 2012 17:40

You can download it from the link about halfway down this page: http://www.irfanview.com/plugins.htm

--
This answer is provided “as-is.” You bear the risk of using it.

| Maurice Joyce | RE: IrfanView FlashPix PlugIn Image Decompression Buffer Overflow |

18th Apr, 2012 12:31

Score: 10510 Posts: 8,072 User Since: 4th Jan 2009 System Score: 100% Location: UK

Sadly, genuine submissions created on this Forum are getting "lost" amongst the sustained spammer attack posts being created. I have grouped this post & others where Forum members have open questions & comments which should make it easier for Forum readers & helpers to navigate.

--
Maurice
Windows 7 SP1 64 Bit OS HP Intel Pentium i7 IE 10 for Windows 7 16GB RAM

| djjjhn | RE: IrfanView FlashPix PlugIn Image Decompression Buffer Overflow |

18th Apr, 2012 22:22

Score: 0 Posts: 3 User Since: 16th Apr 2012 System Score: N/A Location: CA Last edited on 18th Apr, 2012 22:24

I meant of course to say that v4.3.4 is not available on the IrfanView site. ddmarshall's link to the plugin page just shows v 4.3.3

| ddmarshall | RE: IrfanView FlashPix PlugIn Image Decompression Buffer Overflow |

19th Apr, 2012 14:19

Score: 1126 Posts: 910 User Since: 8th Nov 2008 System Score: 100% Location: UK

You didn't read far enough down.

PlugIns updated after the version 4.33:

FPX/FlashPix PlugIn (4.34): Installer or ZIP - FPX-Library loading bug fixed (reported by Francis Provencher via Secunia SVCRP, thanks!)

XCF PlugIn (1.08): Installer or ZIP - Some loading bugs fixed (reported by FuzzMyApp, thanks!)

--
This answer is provided “as-is.” You bear the risk of using it.

| djjjhn | RE: IrfanView FlashPix PlugIn Image Decompression Buffer Overflow |

19th Apr, 2012 14:24

Score: 0 Posts: 3 User Since: 16th Apr 2012 System Score: N/A Location: CA

You are right! My wife has always said that I'm crap at looking. ;-) Not particularly clear by IrfanView though...the top of that page clearly states that 4.33 is the latest version. Anyway...thanks!