Cisco Blogs
Share

Vulnerability Spotlight: IrfanView Jpeg2000 Reference Tile width Arbitrary Code Execution Vulnerability


April 26, 2017 - 0 Comments

Discovered by Aleksandar Nikolic of Cisco Talos

Overview

Talos is disclosing TALOS-2017-0310 / CVE-2017-2813, an arbitrary code execution vulnerability in the JP2 plugin for IrfanView image viewer. IrfanView is a widely used, Windows based, image viewing and editing application.

This particular vulnerability is in the jpeg2000 plugin (JP2) for IrfanView resulting in an integer overflow which leads to a wrong memory allocation and eventual arbitrary code execution. This vulnerability is specifically related to the way in which the plugin leverages the reference tile width value in a buffer size allocation. There are insufficient checks being done which can result in a small buffer being allocated for a large tile. This results in a controlled out of bounds write vulnerability. This out of bounds write bug can be further leveraged to achieve code execution in the application. This vulnerability can be triggered by either viewing an image in the application or by using the thumb nailing feature of IrfanView.

Read More >>



In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.