News: Cexx forums, with volunteers dedicated to helping you remove malware and stay protected
 
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
June 18, 2013, 23:34:25
linktree cexx.org - Support Forums  >  Everything Else  >  Tech Talk
linktree Topic: IrfanView vuln - update available
Pages: [1]   Go Down
« previous next »
  Print  
Topic: IrfanView vuln - update available  (Read 3999 times)
0 Members and 1 Guest are viewing this topic.
« on: May 04, 2007, 17:28:17 »
AplusWebMaster Offline
Global Moderator WWW
Karma: 501
Posts: 7374
FYI...

- http://secunia.com/advisories/24725/
Last Update:  2007-04-30
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Upgrade to version 4.00
Software: IrfanView 3.x
...The vulnerability is confirmed in version 3.99. Prior versions may also be affected.
Solution: Upgrade to version 4.00.
http://www.irfanview.com/main_download_engl.htm ..."

Note: Please use always the current IrfanView -and- PlugIn version ...
http://www.irfanview.com/plugins.htm

 Exclamation
Logged
This machine has no brain.
....... Use your own.
Browser check for updates here.
.
« Reply #1 on: October 16, 2007, 11:49:18 »
AplusWebMaster Offline
Global Moderator WWW
Karma: 501
Posts: 7374
FYI...

IrfanView vuln - update available
- http://secunia.com/advisories/26619/
Release Date: 2007-10-16
Critical: Moderately critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: IrfanView 3.x, IrfanView 4.x
...The vulnerability is confirmed in version 4.00. Other versions may also be affected.
Solution: Update to version 4.10.
http://www.irfanview.com/main_download_engl.htm


.
Logged
This machine has no brain.
....... Use your own.
Browser check for updates here.
.
« Reply #2 on: June 18, 2009, 04:33:34 »
AplusWebMaster Offline
Global Moderator WWW
Karma: 501
Posts: 7374
FYI...

IrfanView vuln - update available
- http://secunia.com/advisories/35359/2/
Release Date: 2009-06-18
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: IrfanView 4.x ...
Solution: Update to version 4.25.
http://irfanview.com/main_download_engl.htm ...

Also: The current PlugIns version is: 4.25
- http://www.software.com/irfanview-plugin

- http://www.irfanview.net/main_history.htm
Release date: 2009-06-16

 Exclamation
« Last Edit: June 18, 2009, 06:45:41 by AplusWebMaster » Logged
This machine has no brain.
....... Use your own.
Browser check for updates here.
.
« Reply #3 on: May 12, 2010, 09:26:43 »
AplusWebMaster Offline
Global Moderator WWW
Karma: 501
Posts: 7374
FYI...

Irfanview vulns - update available
- http://secunia.com/advisories/39036/
Last Update: 2010-05-17
Criticality level: Highly critical
Impact:   System access
Where: From remote
Solution Status: Vendor Patch
Solution: Update to version 4.27.
- http://irfanview.com/main_download_engl.htm

Current PlugIns
- http://fileforum.betanews.com/download/IrfanView-PlugIns/1099412658/1
irfanview_plugins_427_setup.exe

- http://irfanview.com/main_history.htm
Release date: 2010-05-09

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1509
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1510
Last revised: 05/21/2010

 Exclamation
« Last Edit: May 24, 2010, 08:11:03 by AplusWebMaster » Logged
This machine has no brain.
....... Use your own.
Browser check for updates here.
.
« Reply #4 on: December 17, 2010, 05:04:14 »
AplusWebMaster Offline
Global Moderator WWW
Karma: 501
Posts: 7374

FYI...

IrfanView v4.28 released
LuraDocument Format PlugIn Memory Corruption Vulnerability
- http://secunia.com/advisories/41439/
Release Date: 2010-12-17
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution: No updated version of the plugin will be made available. The vendor has removed the plugin in version 4.28 of the plugins distribution.
Original Advisory:
http://irfanview.com/main_history.htm
Version 4.28 ( - CURRENT VERSION - ) (Release date: 2010-12-16)

 Exclamation
Logged
This machine has no brain.
....... Use your own.
Browser check for updates here.
.
« Reply #5 on: January 16, 2012, 05:40:56 »
AplusWebMaster Offline
Global Moderator WWW
Karma: 501
Posts: 7374
FYI...

IrfanView plugin JPEG-2000 v4.33 released
- https://secunia.com/advisories/47360/
Release Date: 2012-01-16
Criticality level: Moderately critical
Impact: System access
Where: From remote
... vulnerability is confirmed in version 4.32. Other versions may also be affected.
Solution: Update the JPEG2000 plug-in to version 4.33.

- http://www.irfanview.com/plugins.htm
... PlugIns updated after the version 4.32:
JPEG-2000 Plugin (4.33) - fixed crash/overflow with special files
> http://www.irfanview.net/plugins/irfanview_plugin_jpeg2000.exe

 Exclamation
Logged
This machine has no brain.
....... Use your own.
Browser check for updates here.
.
« Reply #6 on: March 29, 2012, 07:57:53 »
AplusWebMaster Offline
Global Moderator WWW
Karma: 501
Posts: 7374
FYI...

IrfanView v4.33 released
- https://secunia.com/advisories/47333/
Release Date: 2012-03-29
Criticality level: Highly critical
Impact: System access
Where: From remote ...
... vulnerabilities are reported in versions prior to 4.33.
Solution: Update to version 4.33.

- http://www.irfanview.com/main_history.htm
Version 4.33 CURRENT VERSION - Release date: 2012-03-28

Download: http://www.irfanview.com/main_download_engl.htm

- http://www.irfanview.com/plugins.htm

 Exclamation
Logged
This machine has no brain.
....... Use your own.
Browser check for updates here.
.
« Reply #7 on: April 13, 2012, 06:07:49 »
AplusWebMaster Offline
Global Moderator WWW
Karma: 501
Posts: 7374
FYI...

IrfanView FlashPix PlugIn v4.34 released
- https://secunia.com/advisories/48772/
Release Date: 2012-04-13
Criticality level: Highly critical
Impact: System access
Where: From remote ...
CVE Reference: CVE-2012-0278
Solution: Update to version 4.3.4.0...

- http://www.irfanview.com/plugins.htm
... PlugIns updated after the version 4.33:
FPX/FlashPix PlugIn (4.34):
- http://www.irfanview.net/plugins/irfanview_plugin_fpx.exe
... FPX-Library loading bug fixed

 Exclamation
Logged
This machine has no brain.
....... Use your own.
Browser check for updates here.
.
« Reply #8 on: May 31, 2012, 05:18:56 »
AplusWebMaster Offline
Global Moderator WWW
Karma: 501
Posts: 7374
FYI...

IrfanView plugins updated - v4.34 released

- https://secunia.com/advisories/49204/
Release Date: 2012-05-31
Criticality level: Highly critical
Impact: System access
Where: From remote
... vulnerability is confirmed in version 4.33. Other versions may also be affected.
Solution: Apply ECW PlugIn patch version 4.34*
___

- http://www.irfanview.com/plugins.htm
PlugIns updated -after- the version 4.33:

FPX/FlashPix PlugIn (4.34): Installer or ZIP - FPX-Library loading bug fixed:
http://www.irfanview.net/plugins/irfanview_plugin_fpx.exe
* ECW PlugIn (Third party, 3.1.0.350 - 4.34): Installer or ZIP - Some loading bugs fixed:
http://www.irfanview.net/plugins/irfanview_plugin_ecw.exe
XCF PlugIn (1.08): Installer or ZIP - Some loading bugs fixed:
http://www.irfanview.net/plugins/irfanview_plugin_xcf.exe

- https://secunia.com/advisories/49319/
Release Date: 2012-06-01
Criticality level: Moderately critical
Impact: System access
Where: From remote...
Solution: Apply Formats PlugIn patch version 4.34...
- http://www.irfanview.com/plugins.htm
FORMATS PlugIn (4.34): TTF loading bug fixed...
- http://www.irfanview.net/plugins/irfanview_plugin_formats.exe

 Exclamation
« Last Edit: June 02, 2012, 03:39:08 by AplusWebMaster » Logged
This machine has no brain.
....... Use your own.
Browser check for updates here.
.
« Reply #9 on: November 09, 2012, 04:43:18 »
AplusWebMaster Offline
Global Moderator WWW
Karma: 501
Posts: 7374
FYI...

IrfanView v4.35 released
TIFF Image Decompression Buffer Overflow Vulnerability
- https://secunia.com/advisories/49856/
Release Date: 2012-11-09
Criticality level: Highly critical
Impact: System access
Where: From remote
CVE Reference: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-5022 - 6.8
This is related to vulnerability #4 in: https://secunia.com/SA43593/
... vulnerability is confirmed in version 4.33. Other versions may also be affected.
Solution: Update to version 4.35.
Original Advisory: http://www.irfanview.com/main_history.htm
Version 4.35 - 2012-11-07

- http://www.irfanview.com/main_download_engl.htm

- http://www.irfanview.com/plugins.htm
The current PlugIns version is: 4.35

 Exclamation
Logged
This machine has no brain.
....... Use your own.
Browser check for updates here.
.
« Reply #10 on: May 30, 2013, 03:47:11 »
AplusWebMaster Offline
Global Moderator WWW
Karma: 501
Posts: 7374
FYI...

IrfanView FlashPix PlugIn FPX 4.36 released
- https://secunia.com/advisories/53579/
Release Date: 2013-05-30
Criticality level: Highly critical
Impact: System access
Where: From remote...
Software: IrfanView FlashPix PlugIn 4.x
CVE Reference: CVE-2013-3486
... vulnerability is caused due to an integer overflow error within the Fpx.dll module...
- http://www.irfanview.com/plugins.htm
PlugIns updated after the version 4.35:
FPX Plugin (4.36) - Installer or ZIP - Fixed loading of FPX (FlashPix) files (reported by Secunia)
- http://www.irfanview.net/plugins/irfanview_plugin_fpx.exe

 Exclamation Exclamation
Logged
This machine has no brain.
....... Use your own.
Browser check for updates here.
.
 
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by SMF 1.1.18 | SMF © 2013, Simple Machines Page created in 0.187 seconds with 20 queries.