JPEGView - Image Viewer and Editor RCE POC

vendor:

Image Viewer and Editor

by:

Debasish Mandal

7,5

CVSS

HIGH

Remote Code Execution

CWE

Product Name: Image Viewer and Editor

Affected Version From: v1.0.29

Affected Version To: v1.0.29

Patch Exists: YES

Related CWE: N/A

CPE: jpegview

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows XP SP2

2013

JPEGView – Image Viewer and Editor RCE POC

A read access violation near function pointer call can be triggered by feeding a specially crafted image(width or height smaller than 65535 ) which could lead to code exec.

Mitigation:

Upgrade to version v1.0.30 or later

Source

Exploit-DB raw data:

Title: JPEGView - Image Viewer and Editor RCE POC
Date: 18 November'13
Author: Debasish Mandal ( https://twitter.com/debasishm89 )
Version: JPEGView v1.0.29
Download Link : http://sourceforge.net/projects/jpegview/
Vendor Patch : Patched in version v1.0.30
Issue Ticket : http://sourceforge.net/p/jpegview/bugs/31/
Release Note : http://sourceforge.net/projects/jpegview/files/jpegview/1.0.30/
Tested on: Windows XP SP2

A read access violation near function pointer call can be triggered by feeding a specially crafted 
image(width or height smaller than 65535 ) which could lead to code exec.

The file that causes the AV is attached:

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/29707.gif