Double Free Vulnerability in FlashPix PlugIn for IrfanView
CVE-2012-0025

Currently unrated

Key Information:

Vendor

Irfanview
Status
FlasHPix Plugin
Vendor
CVE Published:
2 November 2012

What is CVE-2012-0025?

A double free vulnerability exists in the Free_All_Memory function within the libfpx library, specifically affecting the FlashPix PlugIn version 4.2.2.0 for IrfanView. This flaw enables remote attackers to execute a denial of service attack, potentially crashing the application when processing a maliciously constructed FPX image file. Users of IrfanView should be cautious and ensure their installation of the plugin is updated to the latest version to mitigate this risk.

References

http://www.protekresearchlab.com/index.php?option=com_con...
x_refsource_MISC
http://secunia.com/advisories/47322
third-party-advisoryx_refsource_SECUNIA
http://www.osvdb.org/77958
vdb-entryx_refsource_OSVDB

EPSS Score

22% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.