CVE-2012-3585

IrfanView PlugIns < 4.33 - Remote Code Execution via Crafted JLS File

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-3585. PoCs published by Joseph Sheridan.

AI-analyzed exploit summary The advisory describes a heap-based buffer overflow in IrfanView's JLS Plugin (jpeg_ls.dll) due to improper input sanitization. A specially crafted JLS file can lead to remote code execution when opened by a user.

Description

Heap-based buffer overflow in jpeg_ls.dll in the Jpeg_LS (aka JLS) plugin in the formats plugins in IrfanView PlugIns before 4.34 allows remote attackers to execute arbitrary code via a crafted JLS file.

Exploits (1)

exploitdb WRITEUP

by Joseph Sheridan · textdoswindows

https://www.exploit-db.com/exploits/19483

View Code ZIP pw:eip

The advisory describes a heap-based buffer overflow in IrfanView's JLS Plugin (jpeg_ls.dll) due to improper input sanitization. A specially crafted JLS file can lead to remote code execution when opened by a user.

Classification

Writeup 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: IrfanView Plugins version 4.33

No auth needed

Prerequisites: User interaction to open a malicious JLS file

MITRE ATT&CK

T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2012-06/0191.html

Various Sources x_refsource_misc

http://www.reactionpenetrationtesting.co.uk/Irfanview-JLS-Heap-Overflow.html

Scores

EPSS 0.0774

EPSS Percentile 93.9%

Details

CWE

CWE-119

Status published

Products (1)

irfanview/irfanview_plugins < 4.33

Published Jul 05, 2012

Tracked Since Feb 18, 2026