PT-2007-3293 · Irfanview · Irfanview

Published: 2007-04-10 · Updated: 2018-10-16 · CVE-2007-1948

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: IrfanView version 3.99

Description: The issue allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via the xoffset or yoffset RLE command, or large non-RLE encoded blocks, in a crafted BMP image.

Recommendations: For IrfanView version 3.99, consider avoiding BMP images that use RLE commands or non-RLE encoded blocks until a patch is available. As a temporary workaround, restrict the opening of crafted BMP images to minimize the risk of exploitation.
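
The description names RLE xoffset/yoffset commands and large non-RLE blocks as the triggering inputs. As an added example (not IrfanView code and not part of the original advisory), here is a strict pre-decode validator for the RLE8 variant that rejects any command landing outside the declared canvas. It assumes the standard BMP RLE8 escape codes (00 02 = delta, 00 n with n >= 3 = literal block); the function name, status codes and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum rle8_status { RLE8_OK, RLE8_TRUNCATED, RLE8_RUN_OOB, RLE8_DELTA_OOB };

/* Walk a BMP RLE8 stream without writing pixels and report the first
 * command that would place data outside a width x height canvas. */
enum rle8_status rle8_validate(const uint8_t *s, size_t len,
                               uint32_t width, uint32_t height)
{
    uint32_t x = 0, y = 0;                 /* cursor position in pixels */
    size_t i = 0;
    while (len - i >= 2) {
        uint8_t n = s[i], v = s[i + 1];
        i += 2;
        if (n > 0) {                       /* encoded run: n copies of v */
            if (y >= height || n > width - x) return RLE8_RUN_OOB;
            x += n;
        } else if (v == 0) {               /* end of line */
            x = 0; y++;
        } else if (v == 1) {               /* end of bitmap */
            return RLE8_OK;
        } else if (v == 2) {               /* delta: xoffset, yoffset */
            if (len - i < 2) return RLE8_TRUNCATED;
            uint8_t dx = s[i], dy = s[i + 1];
            i += 2;
            if (y >= height || dx > width - x || dy >= height - y)
                return RLE8_DELTA_OOB;
            x += dx; y += dy;
        } else {                           /* literal block of v bytes, padded to even */
            size_t need = (size_t)v + (v & 1);
            if (len - i < need) return RLE8_TRUNCATED;
            if (y >= height || v > width - x) return RLE8_RUN_OOB;
            x += v; i += need;
        }
    }
    return RLE8_TRUNCATED;                 /* data ended before end-of-bitmap */
}

int main(void)
{
    /* Constructed 4x2 samples: a delta with xoffset 5, then a well-formed stream. */
    static const uint8_t bad[]  = {0x00, 0x02, 0x05, 0x00, 0x00, 0x01};
    static const uint8_t good[] = {0x04, 0xAA, 0x00, 0x00, 0x00, 0x04, 1, 2, 3, 4, 0x00, 0x01};
    printf("bad=%d good=%d\n", rle8_validate(bad, sizeof bad, 4, 2),
           rle8_validate(good, sizeof good, 4, 2));
    return 0;
}
```

Rejecting a run that crosses the row end is a deliberately strict policy; a decoder that clips instead still needs the same bounds arithmetic before every write.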


Related Identifiers: CVE-2007-1948

Affected Products: Irfanview