Announcement

Collapse
No announcement yet.

Cve-2023-24304

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
    #1

    Fixed Cve-2023-24304

    hi, any news on a fix for CVE-2023-24304 ?
    Tags: None
    #2
    The bug was found in version 4.60. The current IrfanView version is 4.62.
    My system: IrfanView 4.62 64bit, Windows 10 22H2, Intel Core i5-3570, 16GB RAM, NVidia GTX 1050Ti 4GB

    Comment

      #3
      many thanks, didn't see any explicit mention of it in the changelogs so wasn't certain

      Comment

        #4
        Irfanview v4.62 allows a user-mode write access violation via a crafted JPEG 2000 file starting at JPEG2000+0x0000000000001bf0.

        Any news on a new Update?
        CVE-2023-26974
        Last edited by stipe.soldo; 12.04.2023, 10:55 AM.

        Comment

          #5
          Have you reported the bug to Irfan Skiljan?

          Apparently, it was already fixed.
          Last edited by Bhikkhu Pesala; 12.04.2023, 08:22 AM.
          Before you post ... Edit your profile • IrfanView 4.62 • Windows 10 Home 19045.2486

          Irfan PaintIrfan View HelpIrfanPaint HelpRiot.dllMore SkinsFastStone CaptureUploads

          Comment

            #6
            I informed Irfan about the issue through email.

            Comment

              #7
              FYI: IrfanView 4.62 is currently being detected as a vulnerability in Acronis:

              cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26974
              cve.org/CVERecord?id=CVE-2023-26974

              Reference: github.com/overXsky/IrfanviewPoc

              Comment

                #8
                Individual plugins are being updated between IrfanView releases.
                Please check PlugIns updated after the version 4.62 section on the Plugins download page.

                ?
                My system: IrfanView 4.62 64bit, Windows 10 22H2, Intel Core i5-3570, 16GB RAM, NVidia GTX 1050Ti 4GB

                Comment

                  #9
                  Updated after version 4.62
                  • JP2 (JPEG2000) PlugIn (4.62) - ZIP (32 bit) or ZIP (64 bit) - Loading errors fixed, thanks to overXsky (CVE-2023-26974)
                  ?
                  Before you post ... Edit your profile • IrfanView 4.62 • Windows 10 Home 19045.2486

                  Irfan PaintIrfan View HelpIrfanPaint HelpRiot.dllMore SkinsFastStone CaptureUploads
                  • Likes 1

                  Comment

                    #10
                    Originally posted by Bhikkhu Pesala View Post
                    Updated after version 4.62
                    • JP2 (JPEG2000) PlugIn (4.62) - ZIP (32 bit) or ZIP (64 bit) - Loading errors fixed, thanks to overXsky (CVE-2023-26974)
                    ?
                    According to Irfan, you should copy the new JPEG2000.dll file into your plugin folder.
                    However, please note that it will not be recognized by Windows Defender portal or Acronis until you have upgraded to IrfanView version 4.63 or higher.
                    ?
                    Last edited by stipe.soldo; 13.04.2023, 05:19 AM.

                    Comment

                      #11
                      Yes, replace the DLL file with the fixed version. Then you can ignore security warnings regarding this bug.
                      I'm marking this as fixed.
                      My system: IrfanView 4.62 64bit, Windows 10 22H2, Intel Core i5-3570, 16GB RAM, NVidia GTX 1050Ti 4GB

                      Comment

                      Previous template Next
                      Working...
                      X