CVE-2007-1948

IrfanView 3.99 - Buffer Overflow via Crafted BMP Image

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1948. PoCs published by Ivan Fratric.

AI-analyzed exploit summary This exploit generates malformed BMP files to trigger denial-of-service conditions in IrfanView by exploiting integer overflows and palette size mismanagement. The PoC creates multiple BMP files with crafted dimensions, palette sizes, and RLE encoding to demonstrate the vulnerabilities.

Description

Buffer overflow in IrfanView 3.99 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via the (1) xoffset or (2) yoffset RLE command, or (3) large non-RLE encoded blocks in a crafted BMP image, as demonstrated by rle8of3.bmp and rle8of4.bmp.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Ivan Fratric · cdoswindows

https://www.exploit-db.com/exploits/29819

View Code ZIP pw:eip

This exploit generates malformed BMP files to trigger denial-of-service conditions in IrfanView by exploiting integer overflows and palette size mismanagement. The PoC creates multiple BMP files with crafted dimensions, palette sizes, and RLE encoding to demonstrate the vulnerabilities.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: IrfanView 3.99

No auth needed

Prerequisites: Ability to deliver malformed BMP files to the target system

MITRE ATT&CK