Heap-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via a levels header.
The product writes data past the end, or before the beginning, of the intended buffer.
Link | Tags |
---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/89806 | vdb entry third party advisory |
https://www.irfanview.com/history_old.htm | release notes |