漏洞信息详情
IrfanView '.PSD'格式文件处理远程缓冲区溢出漏洞
- CNNVD编号:CNNVD-201005-222
- 危害等级: 中危
- CVE编号: CVE-2010-1509
- 漏洞类型: 缓冲区溢出
- 发布时间: 2010-05-14
- 威胁类型: 远程
- 更新时间: 2010-05-14
- 厂 商: irfanview
- 漏洞来源: Stefan Cornelius, ...
漏洞简介
IrfanView是波黑软件开发者Irfan Skiljan所研发的一款图片浏览器,它支持图片浏览、图片编辑、图片格式转换等。
在处理PSD图像时,IrfanView无法正确验证未明整数变量,远程攻击者可通过特制图像文件触发基于堆的缓冲区溢出,并引发拒绝服务(应用程序崩溃),与\"符号扩展错误\"相关。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
IrfanView IrfanView 4.01
IrfanView iview427.zip
http://download.cnet.com/IrfanView/3000-2192_4-10021962.HTML?part=dl-I rfanView&subj=dl&tag=button
IrfanView IrfanView 4.10
IrfanView iview427.zip
http://download.cnet.com/IrfanView/3000-2192_4-10021962.HTML?part=dl-I rfanView&subj=dl&tag=button
IrfanView IrfanView 4.25
IrfanView iview427.zip
http://download.cnet.com/IrfanView/3000-2192_4-10021962.HTML?part=dl-I rfanView&subj=dl&tag=button
IrfanView IrfanView 3.95
IrfanView iview427.zip
http://download.cnet.com/IrfanView/3000-2192_4-10021962.HTML?part=dl-I rfanView&subj=dl&tag=button
IrfanView IrfanView 4.00
IrfanView iview427.zip
http://download.cnet.com/IrfanView/3000-2192_4-10021962.HTML?part=dl-I rfanView&subj=dl&tag=button
IrfanView IrfanView 3.99
IrfanView iview427.zip
http://download.cnet.com/IrfanView/3000-2192_4-10021962.HTML?part=dl-I rfanView&subj=dl&tag=button
IrfanView IrfanView 4.23
IrfanView iview427.zip
http://download.cnet.com/IrfanView/3000-2192_4-10021962.HTML?part=dl-I rfanView&subj=dl&tag=button
IrfanView IrfanView 3.97
IrfanView iview427.zip
http://download.cnet.com/IrfanView/3000-2192_4-10021962.HTML?part=dl-I rfanView&subj=dl&tag=button
IrfanView IrfanView 3.98
IrfanView iview427.zip
http://download.cnet.com/IrfanView/3000-2192_4-10021962.HTML?part=dl-I rfanView&subj=dl&tag=button
IrfanView IrfanView 3.99
IrfanView iview427.zip
http://download.cnet.com/IrfanView/3000-2192_4-10021962.HTML?part=dl-I rfanView&subj=dl&tag=button
参考网址
来源: MISC
链接:http://secunia.com/secunia_research/2010-41
来源: SECUNIA
名称: 39036
链接:http://secunia.com/advisories/39036
来源: irfanview.com
链接:http://irfanview.com/main_history.htm
受影响实体
- Irfanview Irfanview:1.70
- Irfanview Irfanview:1.75
- Irfanview Irfanview:1.80
- Irfanview Irfanview:1.85
- Irfanview Irfanview:1.90
补丁
暂无
![weinxin](http://zone.ci/zone_ci_images/zone.ci.png)
评论