Menu

#31 Security Issue

V1.0.12
closed-fixed
David Kleiner
None
5
2013-11-02
2013-10-31
Debasish Mandal
No

Hello,

Googling "Free Image Viewer" gave this tool on top of result, so I started playing with it.It's a great tool.

Any way I believe I have identified a pretty critical security issue in this software.

Exploiting this bug may allow attacker to execute arbitrary code(http://en.wikipedia.org/wiki/Arbitrary_code_execution) on user's system.

Here I'm attaching a video to show how the thing works. Exploit used in this video just to prove the point so its kind of hard coded. So may not work in every system.
Attaching a minimal gif file as POC to trigger this bug.Hope fixing this will fix this hole too.

https://dl.dropboxusercontent.com/u/107519001/JPEG-View-POC.zip

Thank you!

Discussion

  • David Kleiner

    David Kleiner - 2013-11-02
    • status: open --> closed-fixed
     

  • David Kleiner

    David Kleiner - 2013-11-02

    Fixed in version 1.0.30. Files with width or height smaller than 65535 are handled correctly now when they fit into memory, files larger than this are denied to load without crashing.

     

  • Debasish Mandal

    Debasish Mandal - 2013-11-02

    Hi,

    Great!David, can please let me know, when you will release the patched version (1.0.30)?

    Thanks,
    Debasish

     

Log in to post a comment.