Zero-friction vulnerability management platform

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

IrfanView JPEG-2000 Plugin Remote Stack Based Buffer Overflow Vulnerability

Information

Severity

Severity

Medium

Family

Family

Buffer overflow

CVSSv2 Base

CVSSv2 Base

6.8

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Solution Type

Solution Type

Vendor Patch

Created

Created

10 years ago

Modified

Modified

4 years ago

Summary

This host has IrfanView with JPEG-2000 plugin installed and is prone to stack based buffer overflow vulnerability.

Insight

Insight

The flaw is due to an error in the JPEG2000 plug-in when processing the Quantization Default (QCD) marker segment. This can be exploited to cause a stack-based buffer overflow via a specially crafted JPEG2000 (JP2) file.

Affected Software

Affected Software

IrfanView JPEG-2000 Plugin version prior to 4.33

Solution

Solution

Upgrade IrfanView JPEG-2000 Plugin version to 4.33 or later.

Common Vulnerabilities and Exposures (CVE)