VRDA Feed : Provides information for vulnerability impact analysis

VRDA Feed by

Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis

[ about VRDA Feed | JPCERT/CC ]

Vulnerability Analysis Result (Revision No : 1)

[ Download XML ]

CVE-2010-1509

irfanview: IrfanView before 4.27 does not properly handle an u...

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1509

Original

IrfanView before 4.27 does not properly handle an unspecified integer variable during processing of PSD images, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow, related to a "sign-extension error."

Translation (Show)

About This Analysis Information

Analysis Information Provider:

NIST NVD

First Published:

2010-05-14

Source Information Category:

Advisory, Alert

Last Updated:

2010-05-17

Affected Product Tags

cpe:/a:irfanview:irfanview:1.70

cpe:/a:irfanview:irfanview:1.75

cpe:/a:irfanview:irfanview:1.80

cpe:/a:irfanview:irfanview:1.85

cpe:/a:irfanview:irfanview:1.90

cpe:/a:irfanview:irfanview:1.95

cpe:/a:irfanview:irfanview:1.97

cpe:/a:irfanview:irfanview:1.98

cpe:/a:irfanview:irfanview:1.98a

cpe:/a:irfanview:irfanview:1.99

cpe:/a:irfanview:irfanview:2.00

cpe:/a:irfanview:irfanview:2.05

cpe:/a:irfanview:irfanview:2.07

cpe:/a:irfanview:irfanview:2.10

cpe:/a:irfanview:irfanview:2.12

cpe:/a:irfanview:irfanview:2.15

cpe:/a:irfanview:irfanview:2.17

cpe:/a:irfanview:irfanview:2.18

cpe:/a:irfanview:irfanview:2.20

cpe:/a:irfanview:irfanview:2.22

cpe:/a:irfanview:irfanview:2.25

cpe:/a:irfanview:irfanview:2.27

cpe:/a:irfanview:irfanview:2.30

cpe:/a:irfanview:irfanview:2.32

cpe:/a:irfanview:irfanview:2.35

cpe:/a:irfanview:irfanview:2.37

cpe:/a:irfanview:irfanview:2.40

cpe:/a:irfanview:irfanview:2.50

cpe:/a:irfanview:irfanview:2.52

cpe:/a:irfanview:irfanview:2.55

cpe:/a:irfanview:irfanview:2.60

cpe:/a:irfanview:irfanview:2.62

cpe:/a:irfanview:irfanview:2.63

cpe:/a:irfanview:irfanview:2.65

cpe:/a:irfanview:irfanview:2.66

cpe:/a:irfanview:irfanview:2.68

cpe:/a:irfanview:irfanview:2.80

cpe:/a:irfanview:irfanview:2.82

cpe:/a:irfanview:irfanview:2.83

cpe:/a:irfanview:irfanview:2.85

cpe:/a:irfanview:irfanview:2.90

cpe:/a:irfanview:irfanview:2.92

cpe:/a:irfanview:irfanview:2.95

cpe:/a:irfanview:irfanview:2.97

cpe:/a:irfanview:irfanview:2.98

cpe:/a:irfanview:irfanview:3.00

cpe:/a:irfanview:irfanview:3.02

cpe:/a:irfanview:irfanview:3.05

cpe:/a:irfanview:irfanview:3.07

cpe:/a:irfanview:irfanview:3.10

cpe:/a:irfanview:irfanview:3.12

cpe:/a:irfanview:irfanview:3.15

cpe:/a:irfanview:irfanview:3.17

cpe:/a:irfanview:irfanview:3.20

cpe:/a:irfanview:irfanview:3.21

cpe:/a:irfanview:irfanview:3.25

cpe:/a:irfanview:irfanview:3.30

cpe:/a:irfanview:irfanview:3.33

cpe:/a:irfanview:irfanview:3.35

cpe:/a:irfanview:irfanview:3.36

cpe:/a:irfanview:irfanview:3.50

cpe:/a:irfanview:irfanview:3.51

cpe:/a:irfanview:irfanview:3.60

cpe:/a:irfanview:irfanview:3.61

cpe:/a:irfanview:irfanview:3.70

cpe:/a:irfanview:irfanview:3.75

cpe:/a:irfanview:irfanview:3.80

cpe:/a:irfanview:irfanview:3.85

cpe:/a:irfanview:irfanview:3.90

cpe:/a:irfanview:irfanview:3.91

cpe:/a:irfanview:irfanview:3.92

cpe:/a:irfanview:irfanview:3.95

cpe:/a:irfanview:irfanview:3.97

cpe:/a:irfanview:irfanview:3.98

cpe:/a:irfanview:irfanview:3.99

cpe:/a:irfanview:irfanview:4.00

cpe:/a:irfanview:irfanview:4.10

cpe:/a:irfanview:irfanview:4.20

cpe:/a:irfanview:irfanview:4.22

cpe:/a:irfanview:irfanview:4.23

cpe:/a:irfanview:irfanview:4.25 and previous versions

Vulnerability Analysis Results

[Access Vector] ^[?]

Undefined^[?]

Local^[?]

Adjacent Network^[?]

Network^[?]

[Access Complexit] ^[?]

Undefined^[?]

High^[?]

Medium^[?]

Low^[?]

[Authentication] ^[?]

Undefined^[?]

Multiple^[?]

Single^[?]

None^[?]

[Confidentiality Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Integrity Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Availability Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

Alternatives

References

CONFIRM http://irfanview.com/main_history.htm

MISC http://secunia.com/secunia_research/2010-41

SECUNIA 39036

Vulnerability Type Buffer Errors (CWE-119)