CVE-2010-1509

CVSS V2 Medium 5 CVSS V3 None

Description

IrfanView before 4.27 does not properly handle an unspecified integer variable during processing of PSD images, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow, related to a "sign-extension error."

Overview

CVE ID
CVE-2010-1509

Assigner
PSIRT-CNA@flexerasoftware.com

Vulnerability Status
Modified

Published Version
2010-05-14T19:30:01

Last Modified Date
2018-10-10T19:57:19

Weakness Enumerations

CWE	URL
CWE-119	http://cwe.mitre.org/data/definitions/119.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version End
cpe:2.3:a:irfanview:irfanview::::::::	1	OR	4.25
cpe:2.3:a:irfanview:irfanview:1.70:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:1.75:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:1.80:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:1.85:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:1.90:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:1.95:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:1.97:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:1.98:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:1.98a:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:1.99:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:2.00:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:2.05:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:2.07:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:2.10:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:2.12:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:2.15:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:2.17:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:2.18:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:2.20:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:2.22:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:2.25:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:2.27:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:2.30:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:2.32:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:2.35:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:2.37:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:2.40:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:2.50:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:2.52:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:2.55:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:2.60:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:2.62:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:2.63:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:2.65:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:2.66:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:2.68:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:2.80:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:2.82:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:2.83:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:2.85:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:2.90:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:2.92:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:2.95:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:2.97:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:2.98:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:3.00:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:3.02:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:3.05:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:3.07:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:3.10:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:3.12:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:3.15:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:3.17:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:3.20:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:3.21:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:3.25:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:3.30:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:3.33:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:3.35:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:3.36:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:3.50:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:3.51:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:3.60:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:3.61:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:3.70:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:3.75:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:3.80:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:3.85:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:3.90:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:3.91:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:3.92:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:3.95:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:3.97:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:3.98:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:3.99:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:4.00:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:4.10:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:4.20:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:4.22:::::::*	1	OR
cpe:2.3:a:irfanview:irfanview:4.23:::::::*	1	OR

CVSS Version 2

Version
2.0

Vector String
AV:N/AC:L/Au:N/C:N/I:N/A:P

Access Vector
NETWORK

Access Compatibility
LOW

Authentication
NONE

Confidentiality Impact
NONE

Integrity Impact
NONE

Availability Impact
PARTIAL

Base Score
5

Severity
MEDIUM

Exploitability Score
10

Impact Score
2.9

References

Reference URL	Reference Tags
http://irfanview.com/main_history.htm
http://secunia.com/secunia_research/2010-41	Vendor Advisory
http://secunia.com/advisories/39036	Vendor Advisory
http://www.securityfocus.com/bid/40104
http://osvdb.org/64627
https://exchange.xforce.ibmcloud.com/vulnerabilities/58548
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6705
http://www.securityfocus.com/archive/1/511274/100/0/threaded

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2010-1509
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1509

History

Created	Old Value	New Value	Data Type	Notes
2022-05-10 18:30:54				Added to TrackCVE